electron@36.7.4 vulnerabilities

Build cross platform desktop apps with JavaScript, HTML, and CSS

latest version

37.3.0

latest non vulnerable version

first published

13 years ago

latest version published

2 days ago

licenses detected

MIT
>=0

View electron package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the electron package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via `MediaStreamTrackImpl`. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page. How to fix Use After Free? Upgrade `electron` to version 37.2.6 or higher.	<37.2.6
C Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the lack of limitation on max inlining ids in `MaglevGraphBuilder`. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 37.2.5 or higher.	<37.2.5
H Access of Resource Using Incompatible Type ('Type Confusion') electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via lack of support for escapes in `PreParserIdentifier` V8` process. An attacker can achieve heap corruption by enticing a user to visit a specially crafted HTML page. How to fix Access of Resource Using Incompatible Type ('Type Confusion')? Upgrade `electron` to version 37.2.5 or higher.	<37.2.5
H Use After Free electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via improper handling of possible socket destruction in `P2PSocketTcpBase`. An attacker can achieve heap corruption and potentially execute arbitrary code by enticing a user to visit a specially crafted HTML page. How to fix Use After Free? Upgrade `electron` to version 37.2.4 or higher.	<37.2.4
M Integer Overflow or Wraparound electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via an incorrect count being passed to `InstructionAccurateScope` in the V8 engine. An attacker can cause heap corruption by enticing a user to visit a specially crafted HTML page. How to fix Integer Overflow or Wraparound? Upgrade `electron` to version 37.2.4 or higher.	<37.2.4
H Incorrect Calculation of Buffer Size electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via insufficient validation of untrusted input in `ANGLE` and `GPU`. An attacker can escape the sandbox by submitting a specially crafted HTML page. How to fix Incorrect Calculation of Buffer Size? Upgrade `electron` to version 37.2.4 or higher.	<37.2.4

Go back to all versions of this package