org.webjars.npm:electron@32.0.1 vulnerabilities

  • latest version

    32.0.1

  • first published

    10 years ago

  • latest version published

    1 year ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:electron package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Arbitrary Code Injection

    org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Arbitrary Code Injection via modification of the resources folder when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled. An attacker can execute unauthorized code by altering files within the application directory, bypassing ASAR integrity checks.

    Note: This is only exploitable if the application is launched from a filesystem to which the attacker has write access.

    How to fix Arbitrary Code Injection?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Use After Free

    Affected versions of this package are vulnerable to Use After Free via MediaStreamTrackImpl. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page.

    How to fix Use After Free?

    There is no fixed version for org.webjars.npm:electron.

    [0,)
    • C
    Access of Resource Using Incompatible Type ('Type Confusion')

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the lack of limitation on max inlining ids in MaglevGraphBuilder. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Access of Resource Using Incompatible Type ('Type Confusion')

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via lack of support for escapes in PreParserIdentifier V8 process. An attacker can achieve heap corruption by enticing a user to visit a specially crafted HTML page.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Use After Free

    Affected versions of this package are vulnerable to Use After Free via improper handling of possible socket destruction in P2PSocketTcpBase. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page.

    How to fix Use After Free?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Integer Overflow or Wraparound

    Affected versions of this package are vulnerable to Integer Overflow or Wraparound via an incorrect count being passed to InstructionAccurateScope in the V8 engine. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page.

    How to fix Integer Overflow or Wraparound?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Incorrect Calculation of Buffer Size

    Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via insufficient validation of untrusted input in ANGLE and GPU. An attacker can escape the sandbox by submitting a specially crafted HTML page.

    How to fix Incorrect Calculation of Buffer Size?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Improper Validation of Integrity Check Value

    Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value via the ASAR integrity validation process. An attacker can bypass integrity checks and modify application content by altering files within the application bundle on a filesystem to which they have write access.

    Note: This is only exploitable if embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled and the application is launched from a writable filesystem on Windows.

    How to fix Improper Validation of Integrity Check Value?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Heap-based Buffer Overflow

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow. The nativeImage.createFromPath or nativeImage.createFromBuffer APIs in Electron, which make use of Chromium's JPEGCodec::Decode, are vulnerable to a heap-based buffer overflow. An attacker can execute arbitrary code or cause a crash by supplying specially crafted image data.

    How to fix Heap-based Buffer Overflow?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure via the Loader component. An attacker can leak sensitive cross-origin data by crafting a malicious HTML page.

    How to fix Information Exposure?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Function Call with Incorrectly Specified Arguments

    Affected versions of this package are vulnerable to Function Call with Incorrectly Specified Arguments via an incorrect handle provided in unspecified circumstances in Mojo. An attacker can reflect a broker-initiated transport back to a broker, which ultimately allows for handle leaks if the reflected transport is later used to deserialize another transport containing handles.

    How to fix Function Call with Incorrectly Specified Arguments?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Improper Isolation or Compartmentalization

    Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code execution on its own, but is presumed chainable with another vulnerability to achieve code execution and has been observed in the wild.

    Note: This vulnerability is only exploitable on Windows.

    How to fix Improper Isolation or Compartmentalization?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Access of Resource Using Incompatible Type ('Type Confusion')

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in V8.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Use After Free

    Affected versions of this package are vulnerable to Use After Free through the V8 engine.

    How to fix Use After Free?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Out-of-bounds Write

    Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending a specially crafted HTML page to the victim.

    How to fix Out-of-bounds Write?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Out-of-bounds Write

    Affected versions of this package are vulnerable to Out-of-bounds Write through crafted HTML pages. An attacker can exploit heap corruption by sending a specially crafted HTML page to the victim.

    How to fix Out-of-bounds Write?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Use After Free

    Affected versions of this package are vulnerable to Use After Free through the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Heap-based Buffer Overflow

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in V8, when processing a very large number of parameters.

    How to fix Heap-based Buffer Overflow?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    External Control of Assumed-Immutable Web Parameter

    Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter due to an integer overflow in the Skia component.

    How to fix External Control of Assumed-Immutable Web Parameter?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Out-of-bounds Read

    Affected versions of this package are vulnerable to Out-of-bounds Read through the Metrics process.

    How to fix Out-of-bounds Read?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • C
    Out-of-bounds Write

    Affected versions of this package are vulnerable to Out-of-bounds Write in V8.

    How to fix Out-of-bounds Write?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • H
    Out-of-bounds Write

    Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.

    How to fix Out-of-bounds Write?

    There is no fixed version for org.webjars.npm:electron.

    [0,)
    • H
    Use After Free

    Affected versions of this package are vulnerable to Use After Free via the Compositing process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    There is no fixed version for org.webjars.npm:electron.

    [0,)
    • H
    Out-of-bounds Write

    Affected versions of this package are vulnerable to Out-of-bounds Write through a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting malicious HTML content.

    How to fix Out-of-bounds Write?

    There is no fixed version for org.webjars.npm:electron.

    [0,)