Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-ELECTRON-1088600
- published 25 Mar 2021
- disclosed 24 Mar 2021
- credit Alison Huffman
How to fix?
electron to version 10.4.1, 11.4.1 or higher.
Affected versions of this package are vulnerable to Out-of-bounds Write via a data race in the audio component. A remote attacker could potentially exploit heap corruption using a crafted HTML page.