desktop-electron@1.0.0

My Electron application description

Direct Vulnerabilities

Known vulnerabilities in the desktop-electron package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Arbitrary Code Injection

desktop-electron is a My Electron application description

Affected versions of this package are vulnerable to Arbitrary Code Injection via the ELECTRON_RUN_AS_NODE environment variable. An attacker can execute arbitrary code with the application's entitlements and code signature by launching the signed binary with this variable set or by placing a file on disk and controlling command-line arguments. This can bypass macOS Gatekeeper review.

How to fix Arbitrary Code Injection?

A fix was pushed into the master branch but not yet published.

*