CVE-2021-28119
Twinkle Tray (twinkle-tray) up to version 1.13.3 is affected. A remote attacker can trigger remote command execution by sending a crafted IPC message to the exposed ipcRenderer IPC interface, which invokes the dangerous openExternal API. The issue is documented across multiple sources (NVD, Red H...