Inappropriate implementation Affecting electron package, versions <15.5.5>=16.0.0 <16.2.6>=17.0.0 <17.4.4>=18.0.0 <18.2.2


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.21% (61st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-JS-ELECTRON-2808874
  • published15 May 2022
  • disclosed6 May 2022
  • creditAbdulrahman Alqabandi

Introduced: 6 May 2022

CVE-2022-1497  (opens in a new tab)
CWE-358  (opens in a new tab)

How to fix?

Upgrade electron to version 15.5.5, 16.2.6, 17.4.4, 18.2.2 or higher.

Overview

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Inappropriate implementation in Input.

CVSS Scores

version 3.1