electron@29.3.3 vulnerabilities

Build cross platform desktop apps with JavaScript, HTML, and CSS

latest version

30.0.9
latest non vulnerable version

31.0.0-beta.7
first published

12 years ago
latest version published

2 days ago
licenses detected
- MIT
  >=0
View electron package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the electron package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via the `Dawn` process. An attacker can potentially exploit heap corruption by using a crafted HTML page. How to fix Use After Free? Upgrade `electron` to version 28.3.2, 29.4.1 or higher.	>=28.0.0 <28.3.2 >=29.0.0 <29.4.1
H Privilege Context Switching Error electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Privilege Context Switching Error in `libuv`'s handling of `io_uring` operations called before calling `setuid()`. This allows users to elevate privileges. How to fix Privilege Context Switching Error? Upgrade `electron` to version 29.4.0 or higher.	<29.4.0

Use After Free

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Use After Free via the Dawn process. An attacker can potentially exploit heap corruption by using a crafted HTML page.

How to fix Use After Free?

Upgrade electron to version 28.3.2, 29.4.1 or higher.

>=28.0.0 <28.3.2 >=29.0.0 <29.4.1

Privilege Context Switching Error

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Privilege Context Switching Error in libuv's handling of io_uring operations called before calling setuid(). This allows users to elevate privileges.

How to fix Privilege Context Switching Error?

Upgrade electron to version 29.4.0 or higher.

<29.4.0

Go back to all versions of this package

electron@29.3.3 vulnerabilities

Build cross platform desktop apps with JavaScript, HTML, and CSS

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities