Homepage

electron@29.4.5 vulnerabilities

Build cross platform desktop apps with JavaScript, HTML, and CSS

  • latest version

    35.1.2

  • latest non vulnerable version

    36.0.0-beta.1

  • first published

    12 years ago

  • latest version published

    4 days ago

  • licenses detected

  • View electron package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the electron package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Isolation or Compartmentalization

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code execution on its own, but is presumed chainable with another vulnerability to achieve code execution and has been observed in the wild.

    Note: This vulnerability is only exploitable on Windows.

    How to fix Improper Isolation or Compartmentalization?

    Upgrade electron to version 33.4.8, 34.4.1, 35.1.2 or higher.

    <33.4.8>=34.0.0-alpha.1 <34.4.1>=35.0.0-alpha.1 <35.1.2
    • H
    Access of Resource Using Incompatible Type ('Type Confusion')

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in v8.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    Upgrade electron to version 33.4.6, 34.3.4 or higher.

    <33.4.6>=34.0.0 <34.3.4
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free through the V8 engine.

    How to fix Use After Free?

    Upgrade electron to version 32.3.3, 33.4.3 or higher.

    <32.3.3>=33.0.0-alpha.1 <33.4.3
    • M
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 32.3.2, 33.4.2 or higher.

    <32.3.2>=33.0.0-alpha.1 <33.4.2
    • H
    Out-of-bounds Read

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.

    How to fix Out-of-bounds Read?

    Upgrade electron to version 32.3.3, 33.4.3 or higher.

    <32.3.3>=33.0.0-alpha.1 <33.4.3
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free through the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 33.4.3 or higher.

    <33.4.3
    • H
    Out-of-bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Write through crafted HTML pages. An attacker can exploit heap corruption by sending a specially crafted HTML page to the victim.

    How to fix Out-of-bounds Write?

    Upgrade electron to version 32.3.2, 33.4.2 or higher.

    <32.3.2>=33.0.0-alpha.1 <33.4.2
    • H
    Out-of-bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending a specially crafted HTML page to the victim.

    How to fix Out-of-bounds Write?

    Upgrade electron to version 32.3.2, 33.4.2 or higher.

    <32.3.2>=33.0.0-alpha.1 <33.4.2
    • H
    Out-of-bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Write through a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting malicious HTML content.

    How to fix Out-of-bounds Write?

    Upgrade electron to version 32.3.0 or higher.

    <32.3.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via the Compositing process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 31.7.7 or higher.

    <31.7.7
    • H
    Out-of-bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.

    How to fix Out-of-bounds Write?

    Upgrade electron to version 31.7.7 or higher.

    <31.7.7
    • M
    Access Restriction Bypass

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Access Restriction Bypass due to an inappropriate implementation in the Extensions feature. An attacker can bypass site isolation.

    How to fix Access Restriction Bypass?

    Upgrade electron to version 31.7.5, 32.2.5, 33.2.1 or higher.

    <31.7.5>=32.0.0-alpha.1 <32.2.5>=33.0.0 <33.2.1
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via the Serial process. An attacker can potentially exploit heap corruption.

    How to fix Use After Free?

    Upgrade electron to version 31.7.5, 32.2.5 or higher.

    <31.7.5>=32.0.0-alpha.1 <32.2.5
    • M
    Access of Resource Using Incompatible Type ('Type Confusion')

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    Upgrade electron to version 32.2.3 or higher.

    <32.2.3
    • H
    Improper Access Control

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Improper Access Control due to an inappropriate implementation in Extensions. An attacker can bypass site isolation.

    How to fix Improper Access Control?

    Upgrade electron to version 31.7.4, 32.2.3 or higher.

    <31.7.4>=32.0.0 <32.2.3
    • M
    Access of Resource Using Incompatible Type ('Type Confusion')

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.

    How to fix Access of Resource Using Incompatible Type ('Type Confusion')?

    Upgrade electron to version 31.7.4, 32.2.3 or higher.

    <31.7.4>=32.0.0 <32.2.3
    • H
    Out-of-bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Write in Dawn.

    How to fix Out-of-bounds Write?

    Upgrade electron to version 31.7.4, 32.2.3 or higher.

    <31.7.4>=32.0.0 <32.2.3
    • M
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the V8 engine.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • M
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Fonts.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Type Confusion

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Type Confusion via the V8 engine.

    How to fix Type Confusion?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • C
    Out-of-Bounds Write

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-Bounds Write via the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Out-of-Bounds Write?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via the WebAudio process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    External Control of Assumed-Immutable Web Parameter

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via a crafted HTML page. An attacker can perform an out of bounds memory write by sending a specially crafted HTML content.

    How to fix External Control of Assumed-Immutable Web Parameter?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via the Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • M
    Type Confusion

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Type Confusion. An attacker can access memory locations outside of the intended bounds by crafting a malicious HTML page that triggers type confusion in the V8 engine.

    How to fix Type Confusion?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Out-of-bounds Read

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can access memory locations outside the intended boundary by crafting a malicious HTML page that triggers the flaw.

    How to fix Out-of-bounds Read?

    Upgrade electron to version 31.7.2 or higher.

    <31.7.2
    • H
    Out-of-bounds Read

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Read in Skia.

    How to fix Out-of-bounds Read?

    Upgrade electron to version 31.7.2, 32.2.2 or higher.

    <31.7.2>=32.2.0 <32.2.2
    • C
    Type Confusion

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Type Confusion via crafted HTML content. This can be exploited to escape the v8 sandbox and execute arbitrary code on the operating system.

    How to fix Type Confusion?

    Upgrade electron to version 31.7.1, 32.2.1 or higher.

    <31.7.1>=32.2.0 <32.2.1
    • H
    Type Confusion

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Type Confusion in InferHasInPrototypeChain of the V8 engine.

    How to fix Type Confusion?

    Upgrade electron to version 31.7.1, 32.2.1 or higher.

    <31.7.1>=32.2.0 <32.2.1
    • H
    Type Confusion

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Type Confusion in v8 engine.

    How to fix Type Confusion?

    Upgrade electron to version 32.3.0 or higher.

    <32.3.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free through the Media Stream process. An attacker can potentially exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page.

    How to fix Use After Free?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • C
    Out-of-bounds Read

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can potentially perform a sandbox escape by manipulating the memory outside its intended buffer limits.

    How to fix Out-of-bounds Read?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Out-of-bounds Read

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Out-of-bounds Read through the V8 engine. An attacker can access memory locations outside of the intended bounds by crafting a malicious HTML page.

    Note: This is only exploitable if the user navigates to or is redirected to a malicious web page.

    How to fix Out-of-bounds Read?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via specific UI gestures in the Screen Capture feature. An attacker can potentially exploit heap corruption by convincing a user to visit a crafted HTML page.

    How to fix Use After Free?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Heap-based Buffer Overflow

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the V8 engine. An attacker can corrupt memory and potentially execute arbitrary code by crafting a malicious HTML page.

    Note: This is only exploitable if the user navigates to or is redirected to a malicious web page.

    How to fix Heap-based Buffer Overflow?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free via the Navigation process. An attacker can exploit heap corruption by convincing a user to install a malicious extension.

    How to fix Use After Free?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • M
    Race Condition

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Race Condition via a crafted Chrome Extension. An attacker who convinced a user to install a malicious extension can inject scripts or HTML into a privileged page.

    How to fix Race Condition?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free through the Audio process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 29.4.6, 30.4.0 or higher.

    <29.4.6>=30.0.0 <30.4.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free in Loader component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 30.4.0, 31.4.0 or higher.

    <30.4.0>=31.0.0 <31.4.0
    • H
    Use After Free

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to Use After Free in Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.

    How to fix Use After Free?

    Upgrade electron to version 30.4.0, 31.4.0 or higher.

    <30.4.0>=31.0.0 <31.4.0
    Go back to all versions of this package