electron@40.8.4

Build cross platform desktop apps with JavaScript, HTML, and CSS

  • latest version

    41.5.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    3 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the electron package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • L
    NULL Pointer Dereference

    electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

    Affected versions of this package are vulnerable to NULL Pointer Dereference in the clipboard.readImage() function when processing malformed clipboard image data. An attacker can cause the application to crash by placing invalid image data on the system clipboard and triggering the function.

    How to fix NULL Pointer Dereference?

    Upgrade electron to version 39.8.5, 40.8.5, 41.1.0, 42.0.0-alpha.5 or higher.

    Vulnerable versions: <39.8.5, >=40.0.0-alpha.2 <40.8.5, >=41.0.0-alpha.1 <41.1.0, >=42.0.0-alpha.1 <42.0.0-alpha.5
    • L
    Exposure of Resource to Wrong Sphere

    Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open() function. An attacker can gain access to or manipulate the browsing context of a window opened by a different renderer by using the same target name, potentially inheriting elevated permissions such as privileged preload scripts or relaxed security settings. This is only exploitable if multiple top-level windows with differing trust levels are opened and setWindowOpenHandler is used to grant elevated webPreferences to child windows.

    How to fix Exposure of Resource to Wrong Sphere?

    Upgrade electron to version 39.8.5, 40.8.5, 41.1.0, 42.0.0-alpha.5 or higher.

    Vulnerable versions: <39.8.5, >=40.0.0-alpha.2 <40.8.5, >=41.0.0-alpha.1 <41.1.0, >=42.0.0-alpha.1 <42.0.0-alpha.5
    • L
    Use After Free

    Affected versions of this package are vulnerable to Use After Free in the release callback of the paint event, when offscreen rendering with GPU shared textures is enabled. An attacker can cause a crash or memory corruption by invoking the callback after its backing native state has been freed.

    Note: This is only exploitable if offscreen rendering is used with webPreferences.offscreen: { useSharedTexture: true } enabled.

    How to fix Use After Free?

    Upgrade electron to version 39.8.5, 40.8.5, 41.1.0, 42.0.0-alpha.5 or higher.

    Vulnerable versions: >=33.0.0-alpha.1 <39.8.5, >=40.0.0-alpha.2 <40.8.5, >=41.0.0-alpha.1 <41.1.0, >=42.0.0-alpha.1 <42.0.0-alpha.5