VersionEye 2.0

Renderers can obtain access to random bluetooth device without permission in Electron

Published date: 2022-03-22T18:49:36Z

CVE: CVE-2022-21718

Links:

Impact

This vulnerability allows renderers to obtain access to a random bluetooth device via the web bluetooth API if the app has not configured a custom select-bluetooth-device event handler. The device that is accessed is random and the attacker would have no way of selecting a specific device.

All current stable versions of Electron are affected.

Patches

This has been patched and the following Electron versions contain the fix: * 17.0.0-alpha.6 * 16.0.6 * 15.3.5 * 14.2.4 * 13.6.6

Workarounds

Adding this code to your app can workaround the issue.

app.on('web-contents-created', (event, webContents) => {
  webContents.on('select-bluetooth-device', (event, devices, callback) => {
    // Prevent default behavior
    event.preventDefault();
    // Cancel the request
    callback('');
  });
});

For more information If you have any questions or comments about this advisory, email us at security@electronjs.org.

Affected versions: ["17.0.0-alpha.1", "17.0.0-alpha.2", "17.0.0-alpha.3", "17.0.0-alpha.4", "17.0.0-alpha.5", "16.0.0-beta.1", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "16.0.0-beta.9", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.0.4", "16.0.5", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "15.0.0-beta.6", "15.0.0-beta.7", "15.0.0", "15.1.0", "15.1.1", "15.1.2", "15.2.0", "15.3.0", "15.3.1", "15.3.2", "15.3.3", "15.3.4", "14.0.0-beta.1", "14.0.0-beta.2", "14.0.0-beta.3", "14.0.0-beta.5", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "14.0.0-beta.9", "14.0.0-beta.10", "14.0.0-beta.11", "14.0.0-beta.12", "14.0.0-beta.13", "14.0.0-beta.14", "14.0.0-beta.15", "14.0.0-beta.16", "14.0.0-beta.17", "14.0.0-beta.18", "14.0.0-beta.19", "14.0.0-beta.20", "14.0.0-beta.21", "14.0.0-beta.22", "14.0.0-beta.23", "14.0.0-beta.24", "14.0.0-beta.25", "14.0.0", "14.0.1", "14.0.2", "14.1.0", "14.1.1", "14.2.0", "14.2.1", "14.2.2", "14.2.3", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "13.1.0", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "13.1.2", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "12.0.13", "13.1.5", "13.1.6", "11.4.10", "12.0.14", "13.1.7", "12.0.15", "13.1.8", "11.4.11", "12.0.16", "13.1.9", "13.2.0", "13.2.1", "12.0.17", "11.4.12", "13.2.2", "13.2.3", "12.0.18", "11.5.0", "12.1.0", "13.3.0", "13.4.0", "12.1.1", "12.1.2", "13.5.0", "12.2.0", "12.2.1", "13.5.1", "12.2.2", "13.5.2", "13.6.0", "13.6.1", "12.2.3", "13.6.2", "13.6.3"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Chromium Remote Code Execution in electron

Published date: 2018-07-24T20:04:23Z

CVE: CVE-2017-16151

Links:

Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled.

Recommendation

Update to electron version 1.7.8 or later.

Affected versions: ["1.7.0", "1.7.2", "1.7.4", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.7.7", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.6.11", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.6.13", "1.6.12"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Context isolation bypass via Promise in Electron

Published date: 2020-07-07T00:01:05Z

CVE: CVE-2020-15096

Links:

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

9.0.0-beta.21
8.2.4
7.2.4
6.1.11

For more information

If you have any questions or comments about this advisory: * Email us at security@electronjs.org

Affected versions: ["8.0.0", "8.0.3", "8.1.0", "8.2.0", "8.2.2", "8.2.3", "8.0.1", "8.0.2", "8.1.1", "8.2.1", "7.0.1", "7.1.2", "7.1.3", "7.1.5", "7.1.6", "7.1.7", "7.1.10", "7.1.11", "7.1.13", "7.1.14", "7.2.0", "7.2.1", "7.2.3", "7.0.0", "7.1.0", "7.1.1", "7.1.4", "7.1.8", "7.1.9", "7.1.12", "7.2.2", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "6.0.2", "5.0.10", "6.0.3", "4.2.10", "6.0.10", "5.0.11", "4.2.12", "6.1.0", "6.1.2", "6.1.4", "6.1.6", "5.0.13", "6.1.9", "6.1.10", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "6.1.1", "6.1.3", "5.0.12", "6.1.5", "6.1.7", "6.1.8"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

AutoUpdater module fails to validate certain nested components of the bundle

Published date: 2022-06-16T23:18:47Z

CVE: CVE-2022-29257

Links:

Impact

This vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.

Please note that this kind of attack would require significant privileges in your own auto updating infrastructure and the ease of that attack entirely depends on your infrastructure security.

Patches

This has been patched and the following Electron versions contain the fix:

18.0.0-beta.6
17.2.0
16.2.0
15.5.0

Workarounds

There are no workarounds for this issue, please update to a patched version of Electron.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Affected versions: ["18.0.0-beta.1", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.0.0", "17.0.1", "17.1.0", "17.1.1", "17.1.2", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.0.4", "16.0.5", "16.0.6", "16.0.7", "16.0.8", "16.0.9", "16.0.10", "16.1.0", "16.1.1", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "13.5.0", "12.2.0", "14.0.2", "12.2.1", "13.5.1", "14.1.0", "15.1.0", "15.1.1", "14.1.1", "15.1.2", "12.2.2", "13.5.2", "15.2.0", "15.3.0", "14.2.0", "13.6.0", "13.6.1", "15.3.1", "14.2.1", "12.2.3", "15.3.2", "13.6.2", "15.3.3", "14.2.2", "13.6.3", "15.3.4", "14.2.3", "13.6.6", "14.2.4", "15.3.5", "13.6.7", "13.6.8", "14.2.5", "15.3.6", "13.6.9", "15.3.7", "14.2.6", "15.4.0", "15.4.1", "14.2.7", "15.4.2", "14.2.8", "14.2.9"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron vulnerable to remote command execution

Published date: 2022-05-17T02:14:12Z

CVE: CVE-2017-12581

Links:

Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

ASAR Integrity bypass via filetype confusion in electron

Published date: 2023-12-01T21:32:06Z

CVE: CVE-2023-44402

Links:

Impact

This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the resources folder in your app installation on Windows which these fuses are supposed to protect against.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

27.0.0-alpha.7
26.2.1
25.8.1
24.8.3
22.3.24

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Affected versions: ["23.0.0-alpha.1", "23.0.0-alpha.2", "23.0.0-alpha.3", "23.0.0-beta.1", "23.0.0-beta.2", "23.0.0-beta.3", "23.0.0-beta.4", "23.0.0-beta.5", "23.0.0-beta.6", "23.0.0-beta.8", "23.0.0", "23.1.0", "23.1.1", "23.1.2", "23.1.3", "23.1.4", "23.2.0", "23.2.1", "23.2.2", "23.2.3", "23.2.4", "23.3.0", "23.3.1", "23.3.2", "23.3.3", "23.3.4", "23.3.5", "23.3.6", "23.3.7", "23.3.8", "23.3.9", "23.3.10", "23.3.11", "23.3.12", "23.3.13", "27.0.0-alpha.1", "27.0.0-alpha.2", "27.0.0-alpha.3", "27.0.0-alpha.4", "27.0.0-alpha.5", "27.0.0-alpha.6", "26.0.0-alpha.1", "26.0.0-alpha.2", "26.0.0-alpha.3", "26.0.0-alpha.4", "26.0.0-alpha.5", "26.0.0-alpha.6", "26.0.0-alpha.7", "26.0.0-alpha.8", "26.0.0-beta.1", "26.0.0-beta.2", "26.0.0-beta.3", "26.0.0-beta.4", "26.0.0-beta.5", "26.0.0-beta.6", "26.0.0-beta.7", "26.0.0-beta.8", "26.0.0-beta.9", "26.0.0-beta.10", "26.0.0-beta.11", "26.0.0-beta.12", "26.0.0", "26.1.0", "26.2.0", "25.0.0-alpha.1", "25.0.0-alpha.2", "25.0.0-alpha.3", "25.0.0-alpha.4", "25.0.0-alpha.5", "25.0.0-alpha.6", "25.0.0-beta.1", "25.0.0-beta.2", "25.0.0-beta.3", "25.0.0-beta.4", "25.0.0-beta.5", "25.0.0-beta.6", "25.0.0-beta.7", "25.0.0-beta.8", "25.0.0", "25.0.1", "25.1.0", "25.1.1", "25.2.0", "25.3.0", "25.3.1", "25.3.2", "25.4.0", "25.5.0", "25.6.0", "25.7.0", "25.8.0", "24.0.0-alpha.1", "24.0.0-alpha.2", "24.0.0-alpha.3", "24.0.0-alpha.4", "24.0.0-alpha.5", "24.0.0-alpha.6", "24.0.0-alpha.7", "24.0.0-beta.1", "24.0.0-beta.2", "24.0.0-beta.3", "24.0.0-beta.4", "24.0.0-beta.5", "24.0.0-beta.6", "24.0.0-beta.7", "24.0.0", "24.1.0", "24.1.1", "24.1.2", "24.1.3", "24.2.0", "24.3.0", "24.3.1", "24.4.0", "24.4.1", "24.5.0", "24.5.1", "24.6.0", "24.6.1", "24.6.2", "24.6.3", "24.6.4", "24.6.5", "24.7.0", "24.7.1", "24.8.0", "24.8.1", "24.8.2", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "16.0.0-alpha.1", "13.5.0", "12.2.0", "14.0.2", "16.0.0-alpha.3", "12.2.1", "16.0.0-alpha.2", "13.5.1", "14.1.0", "15.1.0", "16.0.0-alpha.5", "15.1.1", "16.0.0-alpha.4", "16.0.0-alpha.6", "14.1.1", "15.1.2", "16.0.0-alpha.7", "12.2.2", "13.5.2", "16.0.0-alpha.8", "15.2.0", "16.0.0-alpha.9", "15.3.0", "16.0.0-beta.1", "14.2.0", "13.6.0", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "13.6.1", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "15.3.1", "14.2.1", "16.0.0-beta.9", "12.2.3", "16.0.0", "15.3.2", "13.6.2", "17.0.0-alpha.1", "17.0.0-alpha.2", "16.0.1", "17.0.0-alpha.3", "16.0.2", "17.0.0-alpha.4", "16.0.3", "15.3.3", "14.2.2", "13.6.3", "16.0.4", "17.0.0-alpha.5", "15.3.4", "14.2.3", "16.0.5", "17.0.0-alpha.6", "16.0.6", "13.6.6", "17.0.0-beta.1", "17.0.0-beta.2", "16.0.7", "14.2.4", "17.0.0-beta.3", "15.3.5", "13.6.7", "17.0.0-beta.4", "17.0.0-beta.5", "17.0.0-beta.6", "17.0.0-beta.7", "13.6.8", "17.0.0-beta.8", "16.0.8", "14.2.5", "15.3.6", "17.0.0-beta.9", "17.0.0", "13.6.9", "18.0.0-alpha.1", "18.0.0-alpha.2", "17.0.1", "18.0.0-alpha.3", "15.3.7", "16.0.9", "14.2.6", "16.0.10", "17.1.0", "18.0.0-alpha.4", "18.0.0-alpha.5", "15.4.0", "17.1.1", "18.0.0-beta.1", "15.4.1", "17.1.2", "14.2.7", "16.1.0", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.2.0", "15.4.2", "16.1.1", "14.2.8", "18.0.0-beta.6", "16.2.0", "18.0.0", "15.5.0", "17.3.0", "14.2.9", "19.0.0-alpha.1", "15.5.1", "16.2.1", "17.3.1", "18.0.1", "18.0.2", "17.4.0", "16.2.2", "15.5.2", "18.0.3", "18.0.4", "19.0.0-alpha.2", "19.0.0-alpha.3", "17.4.1", "16.2.3", "18.1.0", "19.0.0-alpha.4", "19.0.0-alpha.5", "18.2.0", "19.0.0-beta.2", "19.0.0-beta.1", "16.2.4", "17.4.2", "15.5.3", "19.0.0-beta.3", "16.2.5", "15.5.4", "19.0.0-beta.4", "17.4.3", "19.0.0-beta.5", "18.2.2", "17.4.4", "18.2.3", "15.5.5", "16.2.6", "19.0.0-beta.6", "19.0.0-beta.7", "16.2.7", "17.4.5", "18.2.4", "19.0.0-beta.8", "18.3.0", "15.5.6", "19.0.0", "15.5.7", "16.2.8", "19.0.1", "17.4.6", "18.3.1", "20.0.0-alpha.1", "18.3.2", "17.4.7", "19.0.2", "20.0.0-alpha.2", "19.0.3", "20.0.0-alpha.3", "19.0.4", "18.3.3", "20.0.0-alpha.4", "20.0.0-alpha.5", "18.3.4", "20.0.0-alpha.6", "20.0.0-alpha.7", "19.0.5", "17.4.8", "20.0.0-beta.1", "18.3.5", "19.0.6", "20.0.0-beta.2", "20.0.0-beta.3", "20.0.0-beta.4", "19.0.7", "17.4.9", "20.0.0-beta.5", "19.0.8", "20.0.0-beta.6", "17.4.10", "20.0.0-beta.7", "20.0.0-beta.8", "20.0.0-beta.9", "20.0.0-beta.10", "20.0.0-beta.11", "19.0.9", "20.0.0-beta.12", "19.0.10", "20.0.0-beta.13", "18.3.6", "20.0.0", "17.4.11", "19.0.11", "20.0.1", "18.3.7", "21.0.0-alpha.1", "19.0.12", "20.0.2", "18.3.8", "21.0.0-alpha.2", "21.0.0-alpha.3", "18.3.9", "19.0.13", "20.0.3", "21.0.0-alpha.4", "21.0.0-alpha.5", "19.0.14", "20.1.0", "21.0.0-alpha.6", "21.0.0-beta.1", "19.0.15", "20.1.1", "18.3.11", "21.0.0-beta.2", "21.0.0-beta.3", "20.1.2", "19.0.16", "21.0.0-beta.4", "20.1.3", "18.3.12", "21.0.0-beta.5", "20.1.4", "18.3.13", "19.0.17", "21.0.0-beta.6", "21.0.0-beta.7", "20.2.0", "21.0.0-beta.8", "19.1.0", "18.3.14", "21.0.0", "18.3.15", "20.3.0", "21.0.1", "22.0.0-alpha.1", "19.1.1", "19.1.2", "21.1.0", "20.3.1", "22.0.0-alpha.3", "22.0.0-alpha.4", "20.3.2", "21.1.1", "19.1.3", "22.0.0-alpha.5", "22.0.0-alpha.6", "21.2.0", "20.3.3", "22.0.0-alpha.7", "22.0.0-alpha.8", "22.0.0-beta.1", "22.0.0-beta.2", "21.2.1", "22.0.0-beta.3", "21.2.2", "19.1.4", "20.3.4", "22.0.0-beta.4", "20.3.5", "21.2.3", "19.1.5", "22.0.0-beta.5", "21.3.0", "19.1.6", "22.0.0-beta.6", "20.3.6", "22.0.0-beta.7", "19.1.7", "21.3.1", "20.3.7", "22.0.0-beta.8", "19.1.8", "22.0.0", "19.1.9", "20.3.8", "21.3.3", "22.0.1", "20.3.9", "21.3.4", "22.0.2", "20.3.10", "21.3.5", "22.0.3", "20.3.11", "21.4.0", "22.1.0", "21.4.1", "22.2.0", "22.2.1", "20.3.12", "22.3.0", "22.3.1", "21.4.2", "22.3.2", "22.3.3", "21.4.3", "22.3.5", "22.3.4", "21.4.4", "22.3.6", "22.3.7", "22.3.8", "22.3.9", "22.3.10", "22.3.11", "22.3.12", "22.3.13", "22.3.14", "22.3.15", "22.3.16", "22.3.17", "22.3.18", "22.3.21", "22.3.22", "22.3.23"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Published date: 2023-09-06T19:51:33Z

CVE: CVE-2023-39956

Links:

Impact

Apps that are launched as command line executables are impacted. E.g. if your app exposes itself in the path as myapp --help

Specifically this issue can only be exploited if the following conditions are met: * Your app is launched with an attacker-controlled working directory * The attacker has the ability to write files to that working directory

This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. Please bear this in mind when reporting similar issues in the future.

Workarounds

There are no app side workarounds, you must update to a patched version of Electron.

Fixed Versions

26.0.0-beta.13
25.5.0
24.7.1
23.3.13
22.3.19

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Affected versions: ["26.0.0-alpha.1", "26.0.0-alpha.2", "26.0.0-alpha.3", "26.0.0-alpha.4", "26.0.0-alpha.5", "26.0.0-alpha.6", "26.0.0-alpha.7", "26.0.0-alpha.8", "26.0.0-beta.1", "26.0.0-beta.2", "26.0.0-beta.3", "26.0.0-beta.4", "26.0.0-beta.5", "26.0.0-beta.6", "26.0.0-beta.7", "26.0.0-beta.8", "26.0.0-beta.9", "26.0.0-beta.10", "26.0.0-beta.11", "26.0.0-beta.12", "25.0.0-alpha.1", "25.0.0-alpha.2", "25.0.0-alpha.3", "25.0.0-alpha.4", "25.0.0-alpha.5", "25.0.0-alpha.6", "25.0.0-beta.1", "25.0.0-beta.2", "25.0.0-beta.3", "25.0.0-beta.4", "25.0.0-beta.5", "25.0.0-beta.6", "25.0.0-beta.7", "25.0.0-beta.8", "25.0.0", "25.0.1", "25.1.0", "25.1.1", "25.2.0", "25.3.0", "25.3.1", "25.3.2", "25.4.0", "24.0.0-alpha.1", "24.0.0-alpha.2", "24.0.0-alpha.3", "24.0.0-alpha.4", "24.0.0-alpha.5", "24.0.0-alpha.6", "24.0.0-alpha.7", "24.0.0-beta.1", "24.0.0-beta.2", "24.0.0-beta.3", "24.0.0-beta.4", "24.0.0-beta.5", "24.0.0-beta.6", "24.0.0-beta.7", "24.0.0", "24.1.0", "24.1.1", "24.1.2", "24.1.3", "24.2.0", "24.3.0", "24.3.1", "24.4.0", "24.4.1", "24.5.0", "24.5.1", "24.6.0", "24.6.1", "24.6.2", "24.6.3", "24.6.4", "24.6.5", "24.7.0", "23.0.0-alpha.1", "23.0.0-alpha.2", "23.0.0-alpha.3", "23.0.0-beta.1", "23.0.0-beta.2", "23.0.0-beta.3", "23.0.0-beta.4", "23.0.0-beta.5", "23.0.0-beta.6", "23.0.0-beta.8", "23.0.0", "23.1.0", "23.1.1", "23.1.2", "23.1.3", "23.1.4", "23.2.0", "23.2.1", "23.2.2", "23.2.3", "23.2.4", "23.3.0", "23.3.1", "23.3.2", "23.3.3", "23.3.4", "23.3.5", "23.3.6", "23.3.7", "23.3.8", "23.3.9", "23.3.10", "23.3.11", "23.3.12", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "16.0.0-alpha.1", "13.5.0", "12.2.0", "14.0.2", "16.0.0-alpha.3", "12.2.1", "16.0.0-alpha.2", "13.5.1", "14.1.0", "15.1.0", "16.0.0-alpha.5", "15.1.1", "16.0.0-alpha.4", "16.0.0-alpha.6", "14.1.1", "15.1.2", "16.0.0-alpha.7", "12.2.2", "13.5.2", "16.0.0-alpha.8", "15.2.0", "16.0.0-alpha.9", "15.3.0", "16.0.0-beta.1", "14.2.0", "13.6.0", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "13.6.1", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "15.3.1", "14.2.1", "16.0.0-beta.9", "12.2.3", "16.0.0", "15.3.2", "13.6.2", "17.0.0-alpha.1", "17.0.0-alpha.2", "16.0.1", "17.0.0-alpha.3", "16.0.2", "17.0.0-alpha.4", "16.0.3", "15.3.3", "14.2.2", "13.6.3", "16.0.4", "17.0.0-alpha.5", "15.3.4", "14.2.3", "16.0.5", "17.0.0-alpha.6", "16.0.6", "13.6.6", "17.0.0-beta.1", "17.0.0-beta.2", "16.0.7", "14.2.4", "17.0.0-beta.3", "15.3.5", "13.6.7", "17.0.0-beta.4", "17.0.0-beta.5", "17.0.0-beta.6", "17.0.0-beta.7", "13.6.8", "17.0.0-beta.8", "16.0.8", "14.2.5", "15.3.6", "17.0.0-beta.9", "17.0.0", "13.6.9", "18.0.0-alpha.1", "18.0.0-alpha.2", "17.0.1", "18.0.0-alpha.3", "15.3.7", "16.0.9", "14.2.6", "16.0.10", "17.1.0", "18.0.0-alpha.4", "18.0.0-alpha.5", "15.4.0", "17.1.1", "18.0.0-beta.1", "15.4.1", "17.1.2", "14.2.7", "16.1.0", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.2.0", "15.4.2", "16.1.1", "14.2.8", "18.0.0-beta.6", "16.2.0", "18.0.0", "15.5.0", "17.3.0", "14.2.9", "19.0.0-alpha.1", "15.5.1", "16.2.1", "17.3.1", "18.0.1", "18.0.2", "17.4.0", "16.2.2", "15.5.2", "18.0.3", "18.0.4", "19.0.0-alpha.2", "19.0.0-alpha.3", "17.4.1", "16.2.3", "18.1.0", "19.0.0-alpha.4", "19.0.0-alpha.5", "18.2.0", "19.0.0-beta.2", "19.0.0-beta.1", "16.2.4", "17.4.2", "15.5.3", "19.0.0-beta.3", "16.2.5", "15.5.4", "19.0.0-beta.4", "17.4.3", "19.0.0-beta.5", "18.2.2", "17.4.4", "18.2.3", "15.5.5", "16.2.6", "19.0.0-beta.6", "19.0.0-beta.7", "16.2.7", "17.4.5", "18.2.4", "19.0.0-beta.8", "18.3.0", "15.5.6", "19.0.0", "15.5.7", "16.2.8", "19.0.1", "17.4.6", "18.3.1", "20.0.0-alpha.1", "18.3.2", "17.4.7", "19.0.2", "20.0.0-alpha.2", "19.0.3", "20.0.0-alpha.3", "19.0.4", "18.3.3", "20.0.0-alpha.4", "20.0.0-alpha.5", "18.3.4", "20.0.0-alpha.6", "20.0.0-alpha.7", "19.0.5", "17.4.8", "20.0.0-beta.1", "18.3.5", "19.0.6", "20.0.0-beta.2", "20.0.0-beta.3", "20.0.0-beta.4", "19.0.7", "17.4.9", "20.0.0-beta.5", "19.0.8", "20.0.0-beta.6", "17.4.10", "20.0.0-beta.7", "20.0.0-beta.8", "20.0.0-beta.9", "20.0.0-beta.10", "20.0.0-beta.11", "19.0.9", "20.0.0-beta.12", "19.0.10", "20.0.0-beta.13", "18.3.6", "20.0.0", "17.4.11", "19.0.11", "20.0.1", "18.3.7", "21.0.0-alpha.1", "19.0.12", "20.0.2", "18.3.8", "21.0.0-alpha.2", "21.0.0-alpha.3", "18.3.9", "19.0.13", "20.0.3", "21.0.0-alpha.4", "21.0.0-alpha.5", "19.0.14", "20.1.0", "21.0.0-alpha.6", "21.0.0-beta.1", "19.0.15", "20.1.1", "18.3.11", "21.0.0-beta.2", "21.0.0-beta.3", "20.1.2", "19.0.16", "21.0.0-beta.4", "20.1.3", "18.3.12", "21.0.0-beta.5", "20.1.4", "18.3.13", "19.0.17", "21.0.0-beta.6", "21.0.0-beta.7", "20.2.0", "21.0.0-beta.8", "19.1.0", "18.3.14", "21.0.0", "18.3.15", "20.3.0", "21.0.1", "22.0.0-alpha.1", "19.1.1", "19.1.2", "21.1.0", "20.3.1", "22.0.0-alpha.3", "22.0.0-alpha.4", "20.3.2", "21.1.1", "19.1.3", "22.0.0-alpha.5", "22.0.0-alpha.6", "21.2.0", "20.3.3", "22.0.0-alpha.7", "22.0.0-alpha.8", "22.0.0-beta.1", "22.0.0-beta.2", "21.2.1", "22.0.0-beta.3", "21.2.2", "19.1.4", "20.3.4", "22.0.0-beta.4", "20.3.5", "21.2.3", "19.1.5", "22.0.0-beta.5", "21.3.0", "19.1.6", "22.0.0-beta.6", "20.3.6", "22.0.0-beta.7", "19.1.7", "21.3.1", "20.3.7", "22.0.0-beta.8", "19.1.8", "22.0.0", "19.1.9", "20.3.8", "21.3.3", "22.0.1", "20.3.9", "21.3.4", "22.0.2", "20.3.10", "21.3.5", "22.0.3", "20.3.11", "21.4.0", "22.1.0", "21.4.1", "22.2.0", "22.2.1", "20.3.12", "22.3.0", "22.3.1", "21.4.2", "22.3.2", "22.3.3", "21.4.3", "22.3.5", "22.3.4", "21.4.4", "22.3.6", "22.3.7", "22.3.8", "22.3.9", "22.3.10", "22.3.11", "22.3.12", "22.3.13", "22.3.14", "22.3.15", "22.3.16", "22.3.17", "22.3.18"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Arbitrary file read via window-open IPC in Electron

Published date: 2020-07-07T00:01:13Z

CVE: CVE-2020-4075

Links:

Impact

The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.

Workarounds

Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.

Fixed Versions

9.0.0-beta.21
8.2.4
7.2.4

For more information

If you have any questions or comments about this advisory: * Email us at security@electronjs.org

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "7.0.1", "6.1.4", "7.1.2", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "7.1.7", "7.1.10", "7.1.11", "7.1.13", "6.1.9", "7.1.14", "7.2.0", "7.2.1", "6.1.10", "7.2.3", "6.1.11", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "7.1.12", "6.1.8", "7.2.2", "6.1.12", "8.0.0", "8.0.3", "8.1.0", "8.2.0", "8.2.2", "8.2.3", "8.0.1", "8.0.2", "8.1.1", "8.2.1"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron protocol handler browser vulnerable to Command Injection

Published date: 2018-03-26T16:41:20Z

CVE: CVE-2018-1000118

Links:

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.7.12", "1.6.17", "1.6.18", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.7.13", "1.7.14", "1.7.15", "1.7.16"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

High severity vulnerability that affects electron

Published date: 2017-10-24T18:33:35Z

CVE: CVE-2016-1202

Links:

Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "0.2.0", "0.3.0"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Context isolation bypass via contextBridge in Electron

Published date: 2020-07-07T00:01:10Z

CVE: CVE-2020-4077

Links:

Impact

Apps using both contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

9.0.0-beta.21
8.2.4
7.2.4

For more information

If you have any questions or comments about this advisory: * Email us at security@electronjs.org

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "7.0.1", "6.1.4", "7.1.2", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "7.1.7", "7.1.10", "7.1.11", "7.1.13", "6.1.9", "7.1.14", "7.2.0", "7.2.1", "6.1.10", "7.2.3", "6.1.11", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "7.1.12", "6.1.8", "7.2.2", "6.1.12", "8.0.0", "8.0.3", "8.1.0", "8.2.0", "8.2.2", "8.2.3", "8.0.1", "8.0.2", "8.1.1", "8.2.1"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

IPC messages delivered to the wrong frame in Electron

Published date: 2021-01-28T19:11:34Z

CVE: CVE-2020-26272

Links:

Impact

IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

If your app does ANY of the following, then it is impacted by this issue: - Uses remote - Calls webContents.sendToFrame - Calls event.reply in an IPC message handler

Patches

This has been fixed in the following versions:

9.4.0
10.2.0
11.1.0
12.0.0-beta.9

Workarounds

There are no workarounds for this issue.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Affected versions: ["11.0.0", "11.0.1", "11.0.2", "11.0.3", "11.0.4", "11.0.5", "10.0.1", "10.1.1", "10.1.3", "10.1.5", "10.0.0", "10.1.0", "10.1.2", "10.1.4", "10.1.6", "10.1.7", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "8.3.1", "7.3.1", "8.3.2", "8.3.3", "8.4.1", "9.2.0", "7.3.3", "8.5.1", "8.5.2", "9.3.2", "8.5.3", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "9.1.1", "9.1.2", "8.5.0", "9.2.1", "9.3.0", "9.3.1", "9.3.3", "8.5.4", "8.5.5", "9.3.5"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Context isolation bypass via leaked cross-context objects in Electron

Published date: 2020-07-07T00:01:07Z

CVE: CVE-2020-4076

Links:

Impact

Apps using contextIsolation are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

There are no app-side workarounds, you must update your Electron version to be protected.

Fixed Versions

9.0.0-beta.21
8.2.4
7.2.4

Non-Impacted Versions

9.0.0-beta.*

For more information

If you have any questions or comments about this advisory: * Email us at security@electronjs.org

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "7.0.1", "6.1.4", "7.1.2", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "7.1.7", "7.1.10", "7.1.11", "7.1.13", "6.1.9", "7.1.14", "7.2.0", "7.2.1", "6.1.10", "7.2.3", "6.1.11", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "7.1.12", "6.1.8", "7.2.2", "6.1.12", "8.0.0", "8.0.3", "8.1.0", "8.2.0", "8.2.2", "8.2.3", "8.0.1", "8.0.2", "8.1.1", "8.2.1"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API

Published date: 2021-10-12T21:59:13Z

CVE: CVE-2021-39184

Links:

Impact

This vulnerability allows a sandboxed renderer to request a thumbnail image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.

All current stable versions of Electron are affected.

Patches

This was fixed with #30728, and the following Electron versions contain the fix:

15.0.0-alpha.10
14.0.0
13.3.0
12.1.0
11.5.0

Workarounds

If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.

Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event: js delete require('electron').nativeImage.createThumbnailFromPath

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Affected versions: ["13.0.0", "13.0.1", "13.1.0", "13.1.1", "13.1.2", "13.1.3", "13.1.4", "13.1.5", "13.1.6", "13.1.7", "13.1.8", "13.1.9", "13.2.0", "13.2.1", "13.2.2", "13.2.3", "12.0.0", "12.0.1", "12.0.2", "12.0.3", "12.0.4", "12.0.5", "12.0.6", "12.0.7", "12.0.8", "12.0.9", "12.0.10", "12.0.11", "12.0.12", "12.0.13", "12.0.14", "12.0.15", "12.0.16", "12.0.17", "12.0.18", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "11.0.2", "11.0.3", "9.3.5", "11.0.4", "10.1.7", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "11.1.1", "11.2.0", "9.4.1", "10.3.0", "11.2.1", "10.3.1", "9.4.2", "11.2.2", "9.4.3", "10.3.2", "11.2.3", "11.3.0", "10.4.0", "9.4.4", "10.4.1", "11.4.0", "10.4.2", "11.4.1", "11.4.2", "11.4.3", "10.4.3", "10.4.4", "11.4.4", "11.4.5", "10.4.5", "11.4.6", "11.4.7", "10.4.6", "10.4.7", "11.4.8", "11.4.9", "11.4.10", "11.4.11", "11.4.12"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Published date: 2022-06-16T23:14:33Z

CVE: CVE-2022-29247

Links:

Impact

This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer.

Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant Node.js access rather it depends on the existing sandbox setting. If your application is sandboxed then nodeIntegrationInSubFrames just gives access to the sandboxed renderer APIs (which includes ipcRenderer).

If your application then additionally exposes IPC messages without IPC senderFrame validation that perform privileged actions or return confidential data this access to ipcRenderer can in turn compromise your application / user even with the sandbox enabled.

Patches

This has been patched and the following Electron versions contain the fix:

18.0.0-beta.6
17.2.0
16.2.6
15.5.5

Workarounds

Ensure that all IPC message handlers appropriately validate senderFrame as per our security tutorial here.

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Affected versions: ["18.0.0-beta.1", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.0.0", "17.0.1", "17.1.0", "17.1.1", "17.1.2", "16.0.0", "16.0.1", "16.0.2", "16.0.3", "16.0.4", "16.0.5", "16.0.6", "16.0.7", "16.0.8", "16.0.9", "16.0.10", "16.1.0", "16.1.1", "16.2.0", "16.2.1", "16.2.2", "16.2.3", "16.2.4", "16.2.5", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "13.5.0", "12.2.0", "14.0.2", "12.2.1", "13.5.1", "14.1.0", "15.1.0", "15.1.1", "14.1.1", "15.1.2", "12.2.2", "13.5.2", "15.2.0", "15.3.0", "14.2.0", "13.6.0", "13.6.1", "15.3.1", "14.2.1", "12.2.3", "15.3.2", "13.6.2", "15.3.3", "14.2.2", "13.6.3", "15.3.4", "14.2.3", "13.6.6", "14.2.4", "15.3.5", "13.6.7", "13.6.8", "14.2.5", "15.3.6", "13.6.9", "15.3.7", "14.2.6", "15.4.0", "15.4.1", "14.2.7", "15.4.2", "14.2.8", "15.5.0", "14.2.9", "15.5.1", "15.5.2", "15.5.3", "15.5.4"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Published date: 2022-11-10T12:38:57Z

CVE: CVE-2022-36077

Links:

Impact

When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as file://some.website.com/, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.

Patches

This issue has been fixed in all current stable versions of Electron. Specifically, these versions contain the fixes:

21.0.0-beta.1
20.0.1
19.0.11
18.3.7

We recommend all apps upgrade to the latest stable version of Electron.

Workarounds

If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the WebContents.on('will-redirect') event, for all WebContents:

app.on('web-contents-created', (e, webContents) => {
  webContents.on('will-redirect', (e, url) => {
    if (/^file:/.test(url)) e.preventDefault()
  })
})

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org.

Credit

Thanks to user @coolcoolnoworries for reporting this issue.

Affected versions: ["19.0.0-beta.2", "19.0.0-beta.1", "19.0.0-beta.3", "19.0.0-beta.4", "19.0.0-beta.5", "19.0.0-beta.6", "19.0.0-beta.7", "19.0.0-beta.8", "19.0.0", "19.0.1", "19.0.2", "19.0.3", "19.0.4", "19.0.5", "19.0.6", "19.0.7", "19.0.8", "19.0.9", "19.0.10", "20.0.0-beta.1", "20.0.0-beta.2", "20.0.0-beta.3", "20.0.0-beta.4", "20.0.0-beta.5", "20.0.0-beta.6", "20.0.0-beta.7", "20.0.0-beta.8", "20.0.0-beta.9", "20.0.0-beta.10", "20.0.0-beta.11", "20.0.0-beta.12", "20.0.0-beta.13", "20.0.0", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "16.0.0-alpha.1", "13.5.0", "12.2.0", "14.0.2", "16.0.0-alpha.3", "12.2.1", "16.0.0-alpha.2", "13.5.1", "14.1.0", "15.1.0", "16.0.0-alpha.5", "15.1.1", "16.0.0-alpha.4", "16.0.0-alpha.6", "14.1.1", "15.1.2", "16.0.0-alpha.7", "12.2.2", "13.5.2", "16.0.0-alpha.8", "15.2.0", "16.0.0-alpha.9", "15.3.0", "16.0.0-beta.1", "14.2.0", "13.6.0", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "13.6.1", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "15.3.1", "14.2.1", "16.0.0-beta.9", "12.2.3", "16.0.0", "15.3.2", "13.6.2", "17.0.0-alpha.1", "17.0.0-alpha.2", "16.0.1", "17.0.0-alpha.3", "16.0.2", "17.0.0-alpha.4", "16.0.3", "15.3.3", "14.2.2", "13.6.3", "16.0.4", "17.0.0-alpha.5", "15.3.4", "14.2.3", "16.0.5", "17.0.0-alpha.6", "16.0.6", "13.6.6", "17.0.0-beta.1", "17.0.0-beta.2", "16.0.7", "14.2.4", "17.0.0-beta.3", "15.3.5", "13.6.7", "17.0.0-beta.4", "17.0.0-beta.5", "17.0.0-beta.6", "17.0.0-beta.7", "13.6.8", "17.0.0-beta.8", "16.0.8", "14.2.5", "15.3.6", "17.0.0-beta.9", "17.0.0", "13.6.9", "18.0.0-alpha.1", "18.0.0-alpha.2", "17.0.1", "18.0.0-alpha.3", "15.3.7", "16.0.9", "14.2.6", "16.0.10", "17.1.0", "18.0.0-alpha.4", "18.0.0-alpha.5", "15.4.0", "17.1.1", "18.0.0-beta.1", "15.4.1", "17.1.2", "14.2.7", "16.1.0", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.2.0", "15.4.2", "16.1.1", "14.2.8", "18.0.0-beta.6", "16.2.0", "18.0.0", "15.5.0", "17.3.0", "14.2.9", "15.5.1", "16.2.1", "17.3.1", "18.0.1", "18.0.2", "17.4.0", "16.2.2", "15.5.2", "18.0.3", "18.0.4", "17.4.1", "16.2.3", "18.1.0", "18.2.0", "16.2.4", "17.4.2", "15.5.3", "16.2.5", "15.5.4", "17.4.3", "18.2.2", "17.4.4", "18.2.3", "15.5.5", "16.2.6", "16.2.7", "17.4.5", "18.2.4", "18.3.0", "15.5.6", "15.5.7", "16.2.8", "17.4.6", "18.3.1", "18.3.2", "17.4.7", "18.3.3", "18.3.4", "17.4.8", "18.3.5", "17.4.9", "17.4.10", "18.3.6", "17.4.11"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron context isolation bypass via nested unserializable return value

Published date: 2023-09-06T19:50:58Z

CVE: CVE-2023-29198

Links:

Impact

Apps using contextIsolation and contextBridge are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Workarounds

This issue is exploitable under either of two conditions: * If an API exposed to the main world via contextBridge can return an object or array that contains a JS object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown Error: object could not be cloned. * If an API exposed to the main world via contextBridge has a return value that throws a user-generated exception while being sent over the bridge, for instance a dynamic getter property on an object that throws an error when being computed.

The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported and that any objects returned from functions do not have dynamic getters that can throw exceptions.

Auditing your exposed API is likely to be quite difficult so we strongly recommend you update to a patched version of Electron.

Fixed Versions

25.0.0-alpha.2
24.0.1
23.2.3
22.3.6

For more information

If you have any questions or comments about this advisory, email us at security@electronjs.org

Affected versions: ["25.0.0-alpha.1", "24.0.0-alpha.1", "24.0.0-alpha.2", "24.0.0-alpha.3", "24.0.0-alpha.4", "24.0.0-alpha.5", "24.0.0-alpha.6", "24.0.0-alpha.7", "24.0.0-beta.1", "24.0.0-beta.2", "24.0.0-beta.3", "24.0.0-beta.4", "24.0.0-beta.5", "24.0.0-beta.6", "24.0.0-beta.7", "24.0.0", "23.0.0-alpha.1", "23.0.0-alpha.2", "23.0.0-alpha.3", "23.0.0-beta.1", "23.0.0-beta.2", "23.0.0-beta.3", "23.0.0-beta.4", "23.0.0-beta.5", "23.0.0-beta.6", "23.0.0-beta.8", "23.0.0", "23.1.0", "23.1.1", "23.1.2", "23.1.3", "23.1.4", "23.2.0", "23.2.1", "23.2.2", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "16.0.0-alpha.1", "13.5.0", "12.2.0", "14.0.2", "16.0.0-alpha.3", "12.2.1", "16.0.0-alpha.2", "13.5.1", "14.1.0", "15.1.0", "16.0.0-alpha.5", "15.1.1", "16.0.0-alpha.4", "16.0.0-alpha.6", "14.1.1", "15.1.2", "16.0.0-alpha.7", "12.2.2", "13.5.2", "16.0.0-alpha.8", "15.2.0", "16.0.0-alpha.9", "15.3.0", "16.0.0-beta.1", "14.2.0", "13.6.0", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "13.6.1", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "15.3.1", "14.2.1", "16.0.0-beta.9", "12.2.3", "16.0.0", "15.3.2", "13.6.2", "17.0.0-alpha.1", "17.0.0-alpha.2", "16.0.1", "17.0.0-alpha.3", "16.0.2", "17.0.0-alpha.4", "16.0.3", "15.3.3", "14.2.2", "13.6.3", "16.0.4", "17.0.0-alpha.5", "15.3.4", "14.2.3", "16.0.5", "17.0.0-alpha.6", "16.0.6", "13.6.6", "17.0.0-beta.1", "17.0.0-beta.2", "16.0.7", "14.2.4", "17.0.0-beta.3", "15.3.5", "13.6.7", "17.0.0-beta.4", "17.0.0-beta.5", "17.0.0-beta.6", "17.0.0-beta.7", "13.6.8", "17.0.0-beta.8", "16.0.8", "14.2.5", "15.3.6", "17.0.0-beta.9", "17.0.0", "13.6.9", "18.0.0-alpha.1", "18.0.0-alpha.2", "17.0.1", "18.0.0-alpha.3", "15.3.7", "16.0.9", "14.2.6", "16.0.10", "17.1.0", "18.0.0-alpha.4", "18.0.0-alpha.5", "15.4.0", "17.1.1", "18.0.0-beta.1", "15.4.1", "17.1.2", "14.2.7", "16.1.0", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.2.0", "15.4.2", "16.1.1", "14.2.8", "18.0.0-beta.6", "16.2.0", "18.0.0", "15.5.0", "17.3.0", "14.2.9", "19.0.0-alpha.1", "15.5.1", "16.2.1", "17.3.1", "18.0.1", "18.0.2", "17.4.0", "16.2.2", "15.5.2", "18.0.3", "18.0.4", "19.0.0-alpha.2", "19.0.0-alpha.3", "17.4.1", "16.2.3", "18.1.0", "19.0.0-alpha.4", "19.0.0-alpha.5", "18.2.0", "19.0.0-beta.2", "19.0.0-beta.1", "16.2.4", "17.4.2", "15.5.3", "19.0.0-beta.3", "16.2.5", "15.5.4", "19.0.0-beta.4", "17.4.3", "19.0.0-beta.5", "18.2.2", "17.4.4", "18.2.3", "15.5.5", "16.2.6", "19.0.0-beta.6", "19.0.0-beta.7", "16.2.7", "17.4.5", "18.2.4", "19.0.0-beta.8", "18.3.0", "15.5.6", "19.0.0", "15.5.7", "16.2.8", "19.0.1", "17.4.6", "18.3.1", "20.0.0-alpha.1", "18.3.2", "17.4.7", "19.0.2", "20.0.0-alpha.2", "19.0.3", "20.0.0-alpha.3", "19.0.4", "18.3.3", "20.0.0-alpha.4", "20.0.0-alpha.5", "18.3.4", "20.0.0-alpha.6", "20.0.0-alpha.7", "19.0.5", "17.4.8", "20.0.0-beta.1", "18.3.5", "19.0.6", "20.0.0-beta.2", "20.0.0-beta.3", "20.0.0-beta.4", "19.0.7", "17.4.9", "20.0.0-beta.5", "19.0.8", "20.0.0-beta.6", "17.4.10", "20.0.0-beta.7", "20.0.0-beta.8", "20.0.0-beta.9", "20.0.0-beta.10", "20.0.0-beta.11", "19.0.9", "20.0.0-beta.12", "19.0.10", "20.0.0-beta.13", "18.3.6", "20.0.0", "17.4.11", "19.0.11", "20.0.1", "18.3.7", "21.0.0-alpha.1", "19.0.12", "20.0.2", "18.3.8", "21.0.0-alpha.2", "21.0.0-alpha.3", "18.3.9", "19.0.13", "20.0.3", "21.0.0-alpha.4", "21.0.0-alpha.5", "19.0.14", "20.1.0", "21.0.0-alpha.6", "21.0.0-beta.1", "19.0.15", "20.1.1", "18.3.11", "21.0.0-beta.2", "21.0.0-beta.3", "20.1.2", "19.0.16", "21.0.0-beta.4", "20.1.3", "18.3.12", "21.0.0-beta.5", "20.1.4", "18.3.13", "19.0.17", "21.0.0-beta.6", "21.0.0-beta.7", "20.2.0", "21.0.0-beta.8", "19.1.0", "18.3.14", "21.0.0", "18.3.15", "20.3.0", "21.0.1", "22.0.0-alpha.1", "19.1.1", "19.1.2", "21.1.0", "20.3.1", "22.0.0-alpha.3", "22.0.0-alpha.4", "20.3.2", "21.1.1", "19.1.3", "22.0.0-alpha.5", "22.0.0-alpha.6", "21.2.0", "20.3.3", "22.0.0-alpha.7", "22.0.0-alpha.8", "22.0.0-beta.1", "22.0.0-beta.2", "21.2.1", "22.0.0-beta.3", "21.2.2", "19.1.4", "20.3.4", "22.0.0-beta.4", "20.3.5", "21.2.3", "19.1.5", "22.0.0-beta.5", "21.3.0", "19.1.6", "22.0.0-beta.6", "20.3.6", "22.0.0-beta.7", "19.1.7", "21.3.1", "20.3.7", "22.0.0-beta.8", "19.1.8", "22.0.0", "19.1.9", "20.3.8", "21.3.3", "22.0.1", "20.3.9", "21.3.4", "22.0.2", "20.3.10", "21.3.5", "22.0.3", "20.3.11", "21.4.0", "22.1.0", "21.4.1", "22.2.0", "22.2.1", "20.3.12", "22.3.0", "22.3.1", "21.4.2", "22.3.2", "22.3.3", "21.4.3", "22.3.5", "22.3.4", "21.4.4"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Published date: 2023-09-28T18:30:45Z

CVE: CVE-2023-5217

Links:

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected versions: ["27.0.0-alpha.1", "27.0.0-alpha.2", "27.0.0-alpha.3", "27.0.0-alpha.4", "27.0.0-alpha.5", "27.0.0-alpha.6", "27.0.0-beta.1", "27.0.0-beta.2", "27.0.0-beta.3", "27.0.0-beta.4", "27.0.0-beta.5", "27.0.0-beta.6", "27.0.0-beta.7", "26.0.0", "26.1.0", "26.2.0", "26.2.1", "26.2.2", "26.2.3", "25.0.0", "25.0.1", "25.1.0", "25.1.1", "25.2.0", "25.3.0", "25.3.1", "25.3.2", "25.4.0", "25.5.0", "25.6.0", "25.7.0", "25.8.0", "25.8.1", "25.8.2", "25.8.3", "24.0.0", "24.1.0", "24.1.1", "24.1.2", "24.1.3", "24.2.0", "24.3.0", "24.3.1", "24.4.0", "24.4.1", "24.5.0", "24.5.1", "24.6.0", "24.6.1", "24.6.2", "24.6.3", "24.6.4", "24.6.5", "24.7.0", "24.7.1", "24.8.0", "24.8.1", "24.8.2", "24.8.3", "24.8.4", "0.1.0", "0.1.1", "0.1.2", "0.2.1", "0.4.0", "0.4.1", "1.3.3", "1.3.6", "1.4.2", "1.4.4", "1.3.12", "1.4.12", "1.4.14", "1.5.0", "1.5.1", "1.6.3", "1.3.14", "1.6.9", "1.7.0", "1.6.11", "1.7.2", "1.7.4", "0.2.0", "0.3.0", "1.3.1", "1.3.2", "1.3.4", "1.3.5", "1.4.0", "1.4.1", "1.3.7", "1.4.3", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.4.10", "1.3.13", "1.4.11", "1.4.13", "1.4.15", "1.6.0", "1.6.1", "1.6.2", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.10", "1.7.1", "1.7.3", "1.7.5", "1.7.6", "1.6.13", "1.8.2-beta.1", "1.7.10", "1.7.11", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.3", "2.0.0-beta.3", "1.6.18", "2.0.1", "3.0.0-beta.1", "2.0.3", "1.6.12", "1.7.7", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.2", "1.8.2-beta.3", "1.6.16", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.7.15", "1.8.7", "2.0.2", "2.0.4", "2.0.5", "2.0.6", "3.0.0-beta.4", "2.0.7", "2.1.0-unsupported.20180809", "3.0.0-beta.6", "3.0.0-beta.7", "2.0.8", "1.7.16", "3.0.0-beta.8", "3.0.0-beta.10", "2.0.9", "3.0.0-beta.13", "3.0.0", "2.0.10", "3.0.1", "4.0.0-beta.1", "4.0.0-beta.3", "2.0.12", "4.0.0-beta.4", "3.0.6", "2.0.13", "3.0.8", "4.0.0-beta.7", "3.1.0-beta.1", "3.1.0-beta.2", "3.0.11", "2.0.15", "3.1.0-beta.3", "3.0.13", "3.1.0-beta.4", "4.0.0-beta.10", "2.0.16", "4.0.1", "3.1.0", "4.0.2", "5.0.0-beta.1", "3.1.2", "4.0.3", "2.0.17", "3.1.3", "4.0.4", "5.0.0-beta.3", "3.1.4", "4.0.6", "4.0.7", "3.1.7", "4.1.4", "6.0.0-beta.1", "3.1.9", "4.2.0", "5.0.1", "6.0.0-beta.2", "6.0.0-beta.3", "6.0.0-beta.4", "5.0.2", "6.0.0-beta.5", "6.0.0-beta.6", "3.1.11", "5.0.3", "6.0.0-beta.7", "6.0.0-beta.9", "6.0.0-beta.12", "6.0.0-beta.13", "5.0.7", "6.0.0-beta.14", "5.0.8", "6.0.0", "3.1.13", "7.0.0-beta.1", "7.0.0-beta.2", "6.0.2", "7.0.0-beta.3", "5.0.10", "6.0.3", "4.2.10", "7.0.0-beta.4", "6.0.10", "7.0.0-beta.5", "5.0.11", "7.0.0-beta.6", "4.2.12", "6.1.0", "6.1.2", "8.0.0-beta.2", "7.0.1", "6.1.4", "7.1.2", "8.0.0-beta.3", "7.1.3", "6.1.6", "7.1.5", "5.0.13", "7.1.6", "8.0.0-beta.5", "7.1.7", "8.0.0-beta.6", "8.0.0-beta.7", "7.1.10", "8.0.0-beta.9", "7.1.11", "8.0.0", "9.0.0-beta.1", "7.1.13", "9.0.0-beta.3", "6.1.9", "7.1.14", "8.0.3", "8.1.0", "9.0.0-beta.7", "9.0.0-beta.10", "7.2.0", "7.2.1", "8.2.0", "9.0.0-beta.12", "9.0.0-beta.15", "8.2.2", "6.1.10", "8.2.3", "7.2.3", "9.0.0-beta.19", "9.0.0-beta.20", "9.0.0-beta.21", "9.0.0-beta.22", "6.1.11", "9.0.0-beta.24", "8.3.0", "9.0.0", "10.0.0-beta.1", "10.0.0-beta.2", "8.3.1", "7.3.1", "8.3.2", "10.0.0-beta.3", "10.0.0-beta.4", "8.3.3", "10.0.0-beta.8", "10.0.0-beta.9", "10.0.0-beta.11", "8.4.1", "10.0.0-beta.14", "9.2.0", "10.0.0-beta.20", "10.0.0-beta.21", "7.3.3", "10.0.1", "10.1.1", "8.5.1", "11.0.0-beta.4", "11.0.0-beta.6", "11.0.0-beta.7", "8.5.2", "11.0.0-beta.8", "11.0.0-beta.9", "10.1.3", "9.3.2", "11.0.0-beta.11", "11.0.0-beta.12", "10.1.5", "11.0.0-beta.16", "8.5.3", "11.0.0-beta.19", "11.0.0-beta.20", "9.3.4", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.5", "1.8.8", "3.0.0-beta.9", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.2", "2.0.11", "3.0.3", "3.0.4", "4.0.0-beta.2", "3.0.5", "4.0.0-beta.5", "3.0.7", "4.0.0-beta.6", "3.0.9", "2.0.14", "3.0.10", "4.0.0-beta.8", "4.0.0-beta.9", "3.0.12", "4.0.0-beta.11", "4.0.0", "3.1.0-beta.5", "3.0.14", "3.1.1", "3.0.15", "5.0.0-beta.2", "4.0.5", "5.0.0-beta.4", "3.1.5", "5.0.0-beta.5", "2.0.18", "3.1.6", "3.0.16", "4.0.8", "4.1.0", "5.0.0-beta.6", "4.1.1", "5.0.0-beta.7", "3.1.8", "4.1.2", "4.1.3", "5.0.0-beta.8", "5.0.0-beta.9", "5.0.0", "4.1.5", "4.2.1", "4.2.2", "3.1.10", "4.2.3", "4.2.4", "6.0.0-beta.8", "5.0.4", "5.0.5", "4.2.5", "6.0.0-beta.10", "6.0.0-beta.11", "5.0.6", "4.2.6", "3.1.12", "4.2.7", "4.2.8", "6.0.0-beta.15", "4.2.9", "5.0.9", "6.0.1", "6.0.4", "6.0.5", "6.0.6", "6.0.7", "6.0.8", "6.0.9", "4.2.11", "6.0.11", "6.0.12", "7.0.0-beta.7", "7.0.0", "6.1.1", "8.0.0-beta.1", "6.1.3", "5.0.12", "7.1.0", "7.1.1", "6.1.5", "8.0.0-beta.4", "7.1.4", "6.1.7", "7.1.8", "7.1.9", "8.0.0-beta.8", "7.1.12", "8.0.1", "9.0.0-beta.2", "6.1.8", "8.0.2", "9.0.0-beta.4", "9.0.0-beta.5", "9.0.0-beta.6", "8.1.1", "9.0.0-beta.9", "9.0.0-beta.13", "9.0.0-beta.14", "8.2.1", "9.0.0-beta.16", "7.2.2", "9.0.0-beta.17", "9.0.0-beta.18", "8.2.4", "7.2.4", "8.2.5", "7.3.0", "6.1.12", "9.0.1", "9.0.2", "9.0.3", "9.0.4", "9.0.5", "7.3.2", "8.3.4", "9.1.0", "8.4.0", "10.0.0-beta.10", "10.0.0-beta.12", "9.1.1", "9.1.2", "10.0.0-beta.15", "10.0.0-beta.17", "10.0.0-beta.19", "8.5.0", "10.0.0-beta.23", "9.2.1", "10.0.0-beta.25", "10.0.0", "11.0.0-beta.1", "10.1.0", "11.0.0-beta.3", "9.3.0", "10.1.2", "9.3.1", "11.0.0-beta.13", "10.1.4", "11.0.0-beta.17", "9.3.3", "11.0.0-beta.18", "11.0.0-beta.22", "11.0.0-beta.23", "11.0.0", "11.0.1", "8.5.4", "10.1.6", "8.5.5", "12.0.0-beta.1", "11.0.2", "11.0.3", "12.0.0-beta.3", "9.3.5", "12.0.0-beta.4", "12.0.0-beta.5", "12.0.0-beta.6", "12.0.0-beta.7", "11.0.4", "10.1.7", "12.0.0-beta.8", "11.0.5", "10.2.0", "11.1.0", "9.4.0", "12.0.0-beta.9", "12.0.0-beta.10", "12.0.0-beta.11", "12.0.0-beta.12", "11.1.1", "12.0.0-beta.14", "11.2.0", "9.4.1", "10.3.0", "12.0.0-beta.16", "11.2.1", "12.0.0-beta.18", "10.3.1", "9.4.2", "12.0.0-beta.19", "12.0.0-beta.20", "11.2.2", "12.0.0-beta.21", "12.0.0-beta.22", "9.4.3", "10.3.2", "11.2.3", "12.0.0-beta.23", "12.0.0-beta.24", "12.0.0-beta.25", "12.0.0-beta.26", "12.0.0-beta.27", "11.3.0", "10.4.0", "12.0.0-beta.28", "12.0.0-beta.29", "12.0.0-beta.30", "12.0.0-beta.31", "12.0.0", "9.4.4", "13.0.0-beta.2", "13.0.0-beta.3", "12.0.1", "13.0.0-beta.4", "13.0.0-beta.5", "10.4.1", "13.0.0-beta.6", "13.0.0-beta.7", "11.4.0", "10.4.2", "12.0.2", "11.4.1", "13.0.0-beta.8", "13.0.0-beta.9", "11.4.2", "13.0.0-beta.11", "13.0.0-beta.12", "13.0.0-beta.13", "12.0.3", "11.4.3", "12.0.4", "13.0.0-beta.14", "10.4.3", "13.0.0-beta.16", "12.0.5", "13.0.0-beta.17", "13.0.0-beta.18", "10.4.4", "11.4.4", "12.0.6", "13.0.0-beta.20", "11.4.5", "10.4.5", "13.0.0-beta.21", "13.0.0-beta.22", "13.0.0-beta.23", "12.0.7", "11.4.6", "13.0.0-beta.24", "13.0.0-beta.26", "11.4.7", "13.0.0-beta.27", "12.0.8", "10.4.6", "12.0.9", "13.0.0-beta.28", "10.4.7", "13.0.0", "13.0.1", "14.0.0-beta.1", "14.0.0-beta.2", "13.1.0", "14.0.0-beta.3", "11.4.8", "12.0.10", "13.1.1", "12.0.11", "14.0.0-beta.5", "13.1.2", "14.0.0-beta.6", "14.0.0-beta.7", "14.0.0-beta.8", "13.1.3", "12.0.12", "11.4.9", "13.1.4", "14.0.0-beta.9", "14.0.0-beta.10", "12.0.13", "13.1.5", "14.0.0-beta.11", "14.0.0-beta.12", "13.1.6", "11.4.10", "12.0.14", "14.0.0-beta.13", "14.0.0-beta.14", "13.1.7", "12.0.15", "14.0.0-beta.15", "15.0.0-alpha.1", "14.0.0-beta.16", "14.0.0-beta.17", "15.0.0-alpha.2", "14.0.0-beta.18", "15.0.0-alpha.3", "13.1.8", "11.4.11", "12.0.16", "14.0.0-beta.19", "15.0.0-alpha.4", "14.0.0-beta.20", "15.0.0-alpha.5", "13.1.9", "14.0.0-beta.21", "15.0.0-alpha.6", "13.2.0", "15.0.0-alpha.7", "14.0.0-beta.22", "13.2.1", "12.0.17", "11.4.12", "14.0.0-beta.23", "15.0.0-alpha.8", "15.0.0-alpha.9", "13.2.2", "14.0.0-beta.24", "15.0.0-alpha.10", "13.2.3", "12.0.18", "14.0.0-beta.25", "14.0.0", "11.5.0", "12.1.0", "13.3.0", "15.0.0-beta.1", "15.0.0-beta.2", "15.0.0-beta.3", "15.0.0-beta.4", "15.0.0-beta.5", "13.4.0", "14.0.1", "12.1.1", "15.0.0-beta.6", "15.0.0-beta.7", "12.1.2", "15.0.0", "16.0.0-alpha.1", "13.5.0", "12.2.0", "14.0.2", "16.0.0-alpha.3", "12.2.1", "16.0.0-alpha.2", "13.5.1", "14.1.0", "15.1.0", "16.0.0-alpha.5", "15.1.1", "16.0.0-alpha.4", "16.0.0-alpha.6", "14.1.1", "15.1.2", "16.0.0-alpha.7", "12.2.2", "13.5.2", "16.0.0-alpha.8", "15.2.0", "16.0.0-alpha.9", "15.3.0", "16.0.0-beta.1", "14.2.0", "13.6.0", "16.0.0-beta.2", "16.0.0-beta.3", "16.0.0-beta.4", "13.6.1", "16.0.0-beta.5", "16.0.0-beta.6", "16.0.0-beta.7", "16.0.0-beta.8", "15.3.1", "14.2.1", "16.0.0-beta.9", "12.2.3", "16.0.0", "15.3.2", "13.6.2", "17.0.0-alpha.1", "17.0.0-alpha.2", "16.0.1", "17.0.0-alpha.3", "16.0.2", "17.0.0-alpha.4", "16.0.3", "15.3.3", "14.2.2", "13.6.3", "16.0.4", "17.0.0-alpha.5", "15.3.4", "14.2.3", "16.0.5", "17.0.0-alpha.6", "16.0.6", "13.6.6", "17.0.0-beta.1", "17.0.0-beta.2", "16.0.7", "14.2.4", "17.0.0-beta.3", "15.3.5", "13.6.7", "17.0.0-beta.4", "17.0.0-beta.5", "17.0.0-beta.6", "17.0.0-beta.7", "13.6.8", "17.0.0-beta.8", "16.0.8", "14.2.5", "15.3.6", "17.0.0-beta.9", "17.0.0", "13.6.9", "18.0.0-alpha.1", "18.0.0-alpha.2", "17.0.1", "18.0.0-alpha.3", "15.3.7", "16.0.9", "14.2.6", "16.0.10", "17.1.0", "18.0.0-alpha.4", "18.0.0-alpha.5", "15.4.0", "17.1.1", "18.0.0-beta.1", "15.4.1", "17.1.2", "14.2.7", "16.1.0", "18.0.0-beta.2", "18.0.0-beta.3", "18.0.0-beta.4", "18.0.0-beta.5", "17.2.0", "15.4.2", "16.1.1", "14.2.8", "18.0.0-beta.6", "16.2.0", "18.0.0", "15.5.0", "17.3.0", "14.2.9", "19.0.0-alpha.1", "15.5.1", "16.2.1", "17.3.1", "18.0.1", "18.0.2", "17.4.0", "16.2.2", "15.5.2", "18.0.3", "18.0.4", "19.0.0-alpha.2", "19.0.0-alpha.3", "17.4.1", "16.2.3", "18.1.0", "19.0.0-alpha.4", "19.0.0-alpha.5", "18.2.0", "19.0.0-beta.2", "19.0.0-beta.1", "16.2.4", "17.4.2", "15.5.3", "19.0.0-beta.3", "16.2.5", "15.5.4", "19.0.0-beta.4", "17.4.3", "19.0.0-beta.5", "18.2.2", "17.4.4", "18.2.3", "15.5.5", "16.2.6", "19.0.0-beta.6", "19.0.0-beta.7", "16.2.7", "17.4.5", "18.2.4", "19.0.0-beta.8", "18.3.0", "15.5.6", "19.0.0", "15.5.7", "16.2.8", "19.0.1", "17.4.6", "18.3.1", "20.0.0-alpha.1", "18.3.2", "17.4.7", "19.0.2", "20.0.0-alpha.2", "19.0.3", "20.0.0-alpha.3", "19.0.4", "18.3.3", "20.0.0-alpha.4", "20.0.0-alpha.5", "18.3.4", "20.0.0-alpha.6", "20.0.0-alpha.7", "19.0.5", "17.4.8", "20.0.0-beta.1", "18.3.5", "19.0.6", "20.0.0-beta.2", "20.0.0-beta.3", "20.0.0-beta.4", "19.0.7", "17.4.9", "20.0.0-beta.5", "19.0.8", "20.0.0-beta.6", "17.4.10", "20.0.0-beta.7", "20.0.0-beta.8", "20.0.0-beta.9", "20.0.0-beta.10", "20.0.0-beta.11", "19.0.9", "20.0.0-beta.12", "19.0.10", "20.0.0-beta.13", "18.3.6", "20.0.0", "17.4.11", "19.0.11", "20.0.1", "18.3.7", "21.0.0-alpha.1", "19.0.12", "20.0.2", "18.3.8", "21.0.0-alpha.2", "21.0.0-alpha.3", "18.3.9", "19.0.13", "20.0.3", "21.0.0-alpha.4", "21.0.0-alpha.5", "19.0.14", "20.1.0", "21.0.0-alpha.6", "21.0.0-beta.1", "19.0.15", "20.1.1", "18.3.11", "21.0.0-beta.2", "21.0.0-beta.3", "20.1.2", "19.0.16", "21.0.0-beta.4", "20.1.3", "18.3.12", "21.0.0-beta.5", "20.1.4", "18.3.13", "19.0.17", "21.0.0-beta.6", "21.0.0-beta.7", "20.2.0", "21.0.0-beta.8", "19.1.0", "18.3.14", "21.0.0", "18.3.15", "20.3.0", "21.0.1", "22.0.0-alpha.1", "19.1.1", "19.1.2", "21.1.0", "20.3.1", "22.0.0-alpha.3", "22.0.0-alpha.4", "20.3.2", "21.1.1", "19.1.3", "22.0.0-alpha.5", "22.0.0-alpha.6", "21.2.0", "20.3.3", "22.0.0-alpha.7", "22.0.0-alpha.8", "22.0.0-beta.1", "22.0.0-beta.2", "21.2.1", "22.0.0-beta.3", "21.2.2", "19.1.4", "20.3.4", "22.0.0-beta.4", "20.3.5", "21.2.3", "19.1.5", "22.0.0-beta.5", "21.3.0", "19.1.6", "22.0.0-beta.6", "20.3.6", "22.0.0-beta.7", "19.1.7", "21.3.1", "20.3.7", "22.0.0-beta.8", "19.1.8", "22.0.0", "19.1.9", "20.3.8", "21.3.3", "22.0.1", "20.3.9", "21.3.4", "22.0.2", "20.3.10", "21.3.5", "22.0.3", "20.3.11", "21.4.0", "22.1.0", "21.4.1", "22.2.0", "22.2.1", "20.3.12", "22.3.0", "22.3.1", "21.4.2", "22.3.2", "22.3.3", "21.4.3", "22.3.5", "22.3.4", "21.4.4", "22.3.6", "22.3.7", "22.3.8", "22.3.9", "22.3.10", "22.3.11", "22.3.12", "22.3.13", "22.3.14", "22.3.15", "22.3.16", "22.3.17", "22.3.18", "22.3.21", "22.3.22", "22.3.23", "22.3.24"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update to version 36.4.0.

Arbitrary Code Execution

Published date: 2019-03-04

CVEs: ["CVE-2019-5786"]

CVSS Score: 10.0

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Links:

A vulnerability in Chromium, which Electron is based on, can be exploited and used to execute arbitrary code. According to the Electron team, this affects any Electron application that may run third-party or untrusted JavaScript. Depending on the Electron application's privileges, this can allow an attacker to create and delete files or modify a user's system in other ways. Google has received reports of this vulnerability being exploited in the wild.

Affected versions: ["0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.2.1", "0.3.0", "0.4.0", "0.4.1", "1.3.1", "1.3.2", "1.3.3", "1.3.4", "1.3.5", "1.3.6", "1.4.0", "1.4.1", "1.3.7", "1.4.2", "1.4.3", "1.4.4", "1.3.8", "1.4.5", "1.4.6", "1.4.7", "1.3.9", "1.3.10", "1.4.8", "1.3.12", "1.4.10", "1.3.13", "1.4.11", "1.4.12", "1.4.13", "1.4.14", "1.4.15", "1.5.0", "1.5.1", "1.6.0", "1.6.1", "1.6.2", "1.6.3", "1.3.14", "1.6.4", "1.6.5", "1.4.16", "1.6.6", "1.6.7", "1.3.15", "1.6.8", "1.6.9", "1.7.0", "1.6.10", "1.7.1", "1.6.11", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.6.12", "1.7.6", "1.7.7", "1.6.13", "1.7.8", "1.6.14", "1.8.1", "1.7.9", "1.6.15", "1.8.2-beta.1", "1.8.2-beta.2", "1.8.2-beta.3", "1.7.10", "1.7.11", "1.6.16", "1.8.2-beta.4", "1.8.2-beta.5", "1.7.12", "1.6.17", "1.8.2", "2.0.0-beta.1", "2.0.0-beta.2", "1.8.3", "2.0.0-beta.3", "1.7.13", "2.0.0-beta.4", "1.8.4", "2.0.0-beta.5", "2.0.0-beta.6", "2.0.0-beta.7", "2.0.0-beta.8", "1.8.5", "1.7.14", "1.8.6", "2.0.0", "1.6.18", "1.7.15", "1.8.7", "2.0.1", "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.0.7", "2.0.8", "1.8.8", "1.7.16", "2.0.9", "2.0.10", "2.0.11", "2.0.12", "2.0.13", "2.0.14", "2.0.15", "2.0.16", "2.0.17", "3.0.0-beta.1", "3.0.0-beta.2", "3.0.0-beta.3", "3.0.0-beta.4", "2.1.0-unsupported.20180809", "3.0.0-beta.5", "3.0.0-beta.6", "3.0.0-beta.7", "3.0.0-beta.8", "3.0.0-beta.9", "3.0.0-beta.10", "3.0.0-beta.11", "3.0.0-beta.12", "3.0.0-beta.13", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8", "3.0.9", "3.0.10", "3.0.11", "3.0.12", "3.0.13", "3.0.14", "3.0.15", "2.0.18", "3.1.0-beta.1", "3.1.0-beta.2", "3.1.0-beta.3", "3.1.0-beta.4", "3.1.0-beta.5", "3.1.0", "3.1.1", "3.1.2", "3.1.3", "3.1.4", "3.1.5", "3.0.16", "4.0.0-beta.1", "4.0.0-beta.2", "4.0.0-beta.3", "4.0.0-beta.4", "4.0.0-beta.5", "4.0.0-beta.6", "4.0.0-beta.7", "4.0.0-beta.8", "4.0.0-beta.9", "4.0.0-beta.10", "4.0.0-beta.11", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "3.1.6", "3.1.7", "3.1.8", "3.1.9", "3.1.10", "3.1.11", "3.1.12", "3.1.13", "5.0.0-beta.1", "5.0.0-beta.2", "5.0.0-beta.3", "5.0.0-beta.4", "4.0.8", "4.1.0", "4.1.1", "4.1.2", "4.1.3", "4.1.4", "4.1.5", "4.2.0", "4.2.1", "4.2.2", "4.2.3", "4.2.4", "4.2.5", "4.2.6", "4.2.7", "4.2.8", "4.2.9", "4.2.10", "4.2.11", "4.2.12", "NodeJS/electron/0.1.0", "NodeJS/electron/0.1.1", "NodeJS/electron/0.1.2", "NodeJS/electron/0.2.1", "NodeJS/electron/0.4.0", "NodeJS/electron/0.4.1", "NodeJS/electron/1.3.3", "NodeJS/electron/1.3.6", "NodeJS/electron/1.4.2", "NodeJS/electron/1.4.4", "NodeJS/electron/1.3.12", "NodeJS/electron/1.4.12", "NodeJS/electron/1.4.14", "NodeJS/electron/1.5.0", "NodeJS/electron/1.5.1", "NodeJS/electron/1.6.3", "NodeJS/electron/1.3.14", "NodeJS/electron/1.6.9", "NodeJS/electron/1.7.0", "NodeJS/electron/1.6.11", "NodeJS/electron/1.7.2", "NodeJS/electron/1.7.4", "NodeJS/electron/0.2.0", "NodeJS/electron/0.3.0", "NodeJS/electron/1.3.1", "NodeJS/electron/1.3.2", "NodeJS/electron/1.3.4", "NodeJS/electron/1.3.5", "NodeJS/electron/1.4.0", "NodeJS/electron/1.4.1", "NodeJS/electron/1.3.7", "NodeJS/electron/1.4.3", "NodeJS/electron/1.3.8", "NodeJS/electron/1.4.5", "NodeJS/electron/1.4.6", "NodeJS/electron/1.4.7", "NodeJS/electron/1.3.9", "NodeJS/electron/1.3.10", "NodeJS/electron/1.4.8", "NodeJS/electron/1.4.10", "NodeJS/electron/1.3.13", "NodeJS/electron/1.4.11", "NodeJS/electron/1.4.13", "NodeJS/electron/1.4.15", "NodeJS/electron/1.6.0", "NodeJS/electron/1.6.1", "NodeJS/electron/1.6.2", "NodeJS/electron/1.6.4", "NodeJS/electron/1.6.5", "NodeJS/electron/1.4.16", "NodeJS/electron/1.6.6", "NodeJS/electron/1.6.7", "NodeJS/electron/1.3.15", "NodeJS/electron/1.6.8", "NodeJS/electron/1.6.10", "NodeJS/electron/1.7.1", "NodeJS/electron/1.7.3", "NodeJS/electron/1.7.5", "NodeJS/electron/1.7.6", "NodeJS/electron/1.6.13", "NodeJS/electron/1.8.2-beta.1", "NodeJS/electron/1.7.10", "NodeJS/electron/1.7.11", "NodeJS/electron/1.8.2-beta.4", "NodeJS/electron/1.8.2-beta.5", "NodeJS/electron/1.7.12", "NodeJS/electron/1.6.17", "NodeJS/electron/1.8.3", "NodeJS/electron/2.0.0-beta.3", "NodeJS/electron/1.6.18", "NodeJS/electron/2.0.1", "NodeJS/electron/2.0.3", "NodeJS/electron/1.6.12", "NodeJS/electron/1.7.7", "NodeJS/electron/1.7.8", "NodeJS/electron/1.6.14", "NodeJS/electron/1.8.1", "NodeJS/electron/1.7.9", "NodeJS/electron/1.6.15", "NodeJS/electron/1.8.2-beta.2", "NodeJS/electron/1.8.2-beta.3", "NodeJS/electron/1.6.16", "NodeJS/electron/1.8.2", "NodeJS/electron/2.0.0-beta.1", "NodeJS/electron/2.0.0-beta.2", "NodeJS/electron/1.7.13", "NodeJS/electron/2.0.0-beta.4", "NodeJS/electron/1.8.4", "NodeJS/electron/2.0.0-beta.5", "NodeJS/electron/2.0.0-beta.6", "NodeJS/electron/2.0.0-beta.7", "NodeJS/electron/2.0.0-beta.8", "NodeJS/electron/1.8.5", "NodeJS/electron/1.7.14", "NodeJS/electron/1.8.6", "NodeJS/electron/2.0.0", "NodeJS/electron/1.7.15", "NodeJS/electron/1.8.7", "NodeJS/electron/2.0.2", "NodeJS/electron/2.0.4", "NodeJS/electron/2.0.5", "NodeJS/electron/2.0.6", "NodeJS/electron/2.0.7", "NodeJS/electron/2.0.8", "NodeJS/electron/1.7.16", "NodeJS/electron/2.0.9", "NodeJS/electron/2.0.10", "NodeJS/electron/2.0.12", "NodeJS/electron/2.0.13", "NodeJS/electron/2.0.15", "NodeJS/electron/2.0.16", "NodeJS/electron/2.0.17", "NodeJS/electron/1.8.8", "NodeJS/electron/2.0.11", "NodeJS/electron/2.0.14", "NodeJS/electron/3.0.0-beta.1", "NodeJS/electron/3.0.0-beta.4", "NodeJS/electron/2.1.0-unsupported.20180809", "NodeJS/electron/3.0.0-beta.6", "NodeJS/electron/3.0.0-beta.7", "NodeJS/electron/3.0.0-beta.8", "NodeJS/electron/3.0.0-beta.10", "NodeJS/electron/3.0.0-beta.13", "NodeJS/electron/3.0.0", "NodeJS/electron/3.0.1", "NodeJS/electron/3.0.6", "NodeJS/electron/3.0.8", "NodeJS/electron/3.0.11", "NodeJS/electron/3.0.13", "NodeJS/electron/3.0.0-beta.2", "NodeJS/electron/3.0.0-beta.3", "NodeJS/electron/3.0.0-beta.5", "NodeJS/electron/3.0.0-beta.9", "NodeJS/electron/3.0.0-beta.11", "NodeJS/electron/3.0.0-beta.12", "NodeJS/electron/3.0.2", "NodeJS/electron/3.0.3", "NodeJS/electron/3.0.4", "NodeJS/electron/3.0.5", "NodeJS/electron/3.0.7", "NodeJS/electron/3.0.9", "NodeJS/electron/3.0.10", "NodeJS/electron/3.0.12", "NodeJS/electron/3.0.14", "NodeJS/electron/3.0.15", "NodeJS/electron/2.0.18", "NodeJS/electron/3.1.0-beta.1", "NodeJS/electron/3.1.0-beta.2", "NodeJS/electron/3.1.0-beta.3", "NodeJS/electron/3.1.0-beta.4", "NodeJS/electron/3.1.0", "NodeJS/electron/3.1.2", "NodeJS/electron/3.1.3", "NodeJS/electron/3.1.4", "NodeJS/electron/3.1.0-beta.5", "NodeJS/electron/3.1.1", "NodeJS/electron/3.1.5", "NodeJS/electron/3.0.16", "NodeJS/electron/4.0.0-beta.1", "NodeJS/electron/4.0.0-beta.3", "NodeJS/electron/4.0.0-beta.4", "NodeJS/electron/4.0.0-beta.7", "NodeJS/electron/4.0.0-beta.10", "NodeJS/electron/4.0.1", "NodeJS/electron/4.0.2", "NodeJS/electron/4.0.3", "NodeJS/electron/4.0.4", "NodeJS/electron/4.0.6", "NodeJS/electron/4.0.7", "NodeJS/electron/3.1.7", "NodeJS/electron/3.1.9", "NodeJS/electron/3.1.11", "NodeJS/electron/3.1.13", "NodeJS/electron/4.0.0-beta.2", "NodeJS/electron/4.0.0-beta.5", "NodeJS/electron/4.0.0-beta.6", "NodeJS/electron/4.0.0-beta.8", "NodeJS/electron/4.0.0-beta.9", "NodeJS/electron/4.0.0-beta.11", "NodeJS/electron/4.0.0", "NodeJS/electron/4.0.5", "NodeJS/electron/3.1.6", "NodeJS/electron/3.1.8", "NodeJS/electron/3.1.10", "NodeJS/electron/3.1.12", "NodeJS/electron/5.0.0-beta.1", "NodeJS/electron/5.0.0-beta.3", "NodeJS/electron/4.1.4", "NodeJS/electron/4.2.0", "NodeJS/electron/4.2.10", "NodeJS/electron/4.2.12", "NodeJS/electron/5.0.0-beta.2", "NodeJS/electron/5.0.0-beta.4", "NodeJS/electron/4.0.8", "NodeJS/electron/4.1.0", "NodeJS/electron/4.1.1", "NodeJS/electron/4.1.2", "NodeJS/electron/4.1.3", "NodeJS/electron/4.1.5", "NodeJS/electron/4.2.1", "NodeJS/electron/4.2.2", "NodeJS/electron/4.2.3", "NodeJS/electron/4.2.4", "NodeJS/electron/4.2.5", "NodeJS/electron/4.2.6", "NodeJS/electron/4.2.7", "NodeJS/electron/4.2.8", "NodeJS/electron/4.2.9", "NodeJS/electron/4.2.11"]

Secure versions: [22.3.25, 22.3.26, 22.3.27, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.10, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 27.0.0, 27.0.0-beta.8, 27.0.0-beta.9, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.10, 27.3.11, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 28.0.0, 28.0.0-alpha.1, 28.0.0-alpha.2, 28.0.0-alpha.3, 28.0.0-alpha.4, 28.0.0-alpha.5, 28.0.0-alpha.6, 28.0.0-alpha.7, 28.0.0-beta.1, 28.0.0-beta.10, 28.0.0-beta.11, 28.0.0-beta.2, 28.0.0-beta.3, 28.0.0-beta.4, 28.0.0-beta.5, 28.0.0-beta.6, 28.0.0-beta.7, 28.0.0-beta.8, 28.0.0-beta.9, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.10, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.3.0, 28.3.1, 28.3.2, 28.3.3, 29.0.0, 29.0.0-alpha.1, 29.0.0-alpha.10, 29.0.0-alpha.11, 29.0.0-alpha.2, 29.0.0-alpha.3, 29.0.0-alpha.4, 29.0.0-alpha.5, 29.0.0-alpha.6, 29.0.0-alpha.7, 29.0.0-alpha.8, 29.0.0-alpha.9, 29.0.0-beta.1, 29.0.0-beta.10, 29.0.0-beta.11, 29.0.0-beta.12, 29.0.0-beta.2, 29.0.0-beta.3, 29.0.0-beta.4, 29.0.0-beta.5, 29.0.0-beta.6, 29.0.0-beta.7, 29.0.0-beta.8, 29.0.0-beta.9, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.4.0, 29.4.1, 29.4.2, 29.4.3, 29.4.5, 29.4.6, 30.0.0, 30.0.0-alpha.1, 30.0.0-alpha.2, 30.0.0-alpha.3, 30.0.0-alpha.4, 30.0.0-alpha.5, 30.0.0-alpha.6, 30.0.0-alpha.7, 30.0.0-beta.1, 30.0.0-beta.2, 30.0.0-beta.3, 30.0.0-beta.4, 30.0.0-beta.5, 30.0.0-beta.6, 30.0.0-beta.7, 30.0.0-beta.8, 30.0.1, 30.0.2, 30.0.3, 30.0.4, 30.0.5, 30.0.6, 30.0.7, 30.0.8, 30.0.9, 30.1.0, 30.1.1, 30.1.2, 30.2.0, 30.3.0, 30.3.1, 30.4.0, 30.5.0, 30.5.1, 31.0.0, 31.0.0-alpha.1, 31.0.0-alpha.2, 31.0.0-alpha.3, 31.0.0-alpha.4, 31.0.0-alpha.5, 31.0.0-beta.1, 31.0.0-beta.10, 31.0.0-beta.2, 31.0.0-beta.3, 31.0.0-beta.4, 31.0.0-beta.5, 31.0.0-beta.6, 31.0.0-beta.7, 31.0.0-beta.8, 31.0.0-beta.9, 31.0.1, 31.0.2, 31.1.0, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.7.1, 31.7.2, 31.7.3, 31.7.4, 31.7.5, 31.7.6, 31.7.7, 32.0.0, 32.0.0-alpha.1, 32.0.0-alpha.10, 32.0.0-alpha.2, 32.0.0-alpha.3, 32.0.0-alpha.4, 32.0.0-alpha.5, 32.0.0-alpha.6, 32.0.0-alpha.7, 32.0.0-alpha.8, 32.0.0-alpha.9, 32.0.0-beta.1, 32.0.0-beta.2, 32.0.0-beta.3, 32.0.0-beta.4, 32.0.0-beta.5, 32.0.0-beta.6, 32.0.0-beta.7, 32.0.1, 32.0.2, 32.1.0, 32.1.1, 32.1.2, 32.2.0, 32.2.1, 32.2.2, 32.2.3, 32.2.4, 32.2.5, 32.2.6, 32.2.7, 32.2.8, 32.3.0, 32.3.1, 32.3.2, 32.3.3, 33.0.0, 33.0.0-alpha.1, 33.0.0-alpha.2, 33.0.0-alpha.3, 33.0.0-alpha.4, 33.0.0-alpha.5, 33.0.0-alpha.6, 33.0.0-beta.1, 33.0.0-beta.10, 33.0.0-beta.11, 33.0.0-beta.2, 33.0.0-beta.3, 33.0.0-beta.4, 33.0.0-beta.5, 33.0.0-beta.6, 33.0.0-beta.7, 33.0.0-beta.8, 33.0.0-beta.9, 33.0.1, 33.0.2, 33.1.0, 33.2.0, 33.2.1, 33.3.0, 33.3.1, 33.3.2, 33.4.0, 33.4.1, 33.4.10, 33.4.11, 33.4.2, 33.4.3, 33.4.4, 33.4.5, 33.4.6, 33.4.7, 33.4.8, 33.4.9, 34.0.0, 34.0.0-alpha.1, 34.0.0-alpha.2, 34.0.0-alpha.3, 34.0.0-alpha.4, 34.0.0-alpha.5, 34.0.0-alpha.6, 34.0.0-alpha.7, 34.0.0-alpha.8, 34.0.0-alpha.9, 34.0.0-beta.1, 34.0.0-beta.10, 34.0.0-beta.11, 34.0.0-beta.12, 34.0.0-beta.13, 34.0.0-beta.14, 34.0.0-beta.15, 34.0.0-beta.16, 34.0.0-beta.2, 34.0.0-beta.3, 34.0.0-beta.4, 34.0.0-beta.5, 34.0.0-beta.6, 34.0.0-beta.7, 34.0.0-beta.8, 34.0.0-beta.9, 34.0.1, 34.0.2, 34.1.0, 34.1.1, 34.2.0, 34.3.0, 34.3.1, 34.3.2, 34.3.3, 34.3.4, 34.4.0, 34.4.1, 34.5.0, 34.5.1, 34.5.2, 34.5.3, 34.5.4, 34.5.5, 34.5.6, 34.5.7, 34.5.8, 35.0.0, 35.0.0-alpha.1, 35.0.0-alpha.2, 35.0.0-alpha.3, 35.0.0-alpha.4, 35.0.0-alpha.5, 35.0.0-beta.1, 35.0.0-beta.10, 35.0.0-beta.11, 35.0.0-beta.12, 35.0.0-beta.13, 35.0.0-beta.2, 35.0.0-beta.3, 35.0.0-beta.4, 35.0.0-beta.5, 35.0.0-beta.6, 35.0.0-beta.7, 35.0.0-beta.8, 35.0.0-beta.9, 35.0.1, 35.0.2, 35.0.3, 35.1.0, 35.1.1, 35.1.2, 35.1.3, 35.1.4, 35.1.5, 35.2.0, 35.2.1, 35.2.2, 35.3.0, 35.4.0, 35.5.0, 35.5.1, 36.0.0, 36.0.0-alpha.1, 36.0.0-alpha.2, 36.0.0-alpha.3, 36.0.0-alpha.4, 36.0.0-alpha.5, 36.0.0-alpha.6, 36.0.0-beta.1, 36.0.0-beta.2, 36.0.0-beta.3, 36.0.0-beta.4, 36.0.0-beta.5, 36.0.0-beta.6, 36.0.0-beta.7, 36.0.0-beta.8, 36.0.0-beta.9, 36.0.1, 36.1.0, 36.2.0, 36.2.1, 36.3.0, 36.3.1, 36.3.2, 36.4.0, 37.0.0-alpha.1, 37.0.0-alpha.2, 37.0.0-alpha.3, 37.0.0-alpha.4, 37.0.0-alpha.5, 37.0.0-alpha.6, 37.0.0-alpha.7, 37.0.0-beta.1, 37.0.0-beta.2, 37.0.0-beta.3]

Recommendation: Update electron module to ^2.0.18 || ^3.0.16 || ^3.1.6 || ^4.0.8 || ^5.0.0-beta.5

Version	License	Security	Released
1.7.4	MIT	21	2017-06-28 - 23:47	almost 8 years
1.7.3	MIT	21	2017-06-08 - 22:46	about 8 years
1.7.2	MIT	21	2017-05-26 - 20:39	about 8 years
1.7.1	MIT	21	2017-05-16 - 21:41	about 8 years
1.7.0	MIT	21	2017-05-10 - 19:58	about 8 years
1.6.18	MIT	16	2018-05-15 - 19:32	about 7 years
1.6.17	MIT	16	2018-01-31 - 22:26	over 7 years
1.6.16	MIT	16	2018-01-23 - 01:18	over 7 years
1.6.15	MIT	17	2017-10-11 - 17:58	over 7 years
1.6.14	MIT	17	2017-09-28 - 01:26	over 7 years
1.6.13	MIT	18	2017-09-06 - 19:56	almost 8 years
1.6.12	MIT	18	2017-08-03 - 23:31	almost 8 years
1.6.11	MIT	18	2017-05-25 - 19:52	about 8 years
1.6.10	MIT	18	2017-05-16 - 19:37	about 8 years
1.6.9	MIT	18	2017-05-10 - 16:39	about 8 years
1.6.8	MIT	18	2017-05-01 - 22:56	about 8 years
1.6.7	MIT	19	2017-04-18 - 20:58	about 8 years
1.6.6	MIT	19	2017-04-07 - 20:04	about 8 years
1.6.5	MIT	19	2017-03-31 - 20:32	about 8 years
1.6.4	MIT	19	2017-03-22 - 23:06	about 8 years
1.6.3	MIT	19	2017-03-07 - 19:32	over 8 years
1.6.2	MIT	19	2017-03-01 - 20:06	over 8 years
1.6.1	MIT	19	2017-02-21 - 18:24	over 8 years
1.6.0	MIT	19	2017-02-07 - 02:23	over 8 years
1.5.1	MIT	18	2017-02-06 - 18:00	over 8 years
1.5.0	MIT	18	2017-01-24 - 18:20	over 8 years
1.4.16	MIT	18	2017-04-05 - 17:34	about 8 years
1.4.15	MIT	18	2017-01-19 - 18:10	over 8 years
1.4.14	MIT	18	2017-01-10 - 20:45	over 8 years
1.4.13	MIT	18	2016-12-20 - 21:09	over 8 years
1.4.12	MIT	18	2016-12-10 - 06:47	over 8 years
1.4.11	MIT	18	2016-12-07 - 18:03	over 8 years
1.4.10	MIT	18	2016-11-28 - 22:12	over 8 years
1.4.8	MIT	18	2016-11-22 - 23:46	over 8 years
1.4.7	MIT	18	2016-11-16 - 18:46	over 8 years
1.4.6	MIT	18	2016-11-09 - 21:26	over 8 years
1.4.5	MIT	18	2016-11-01 - 17:34	over 8 years
1.4.4	MIT	18	2016-10-20 - 02:23	over 8 years
1.4.3	MIT	18	2016-10-06 - 10:08	over 8 years
1.4.2	MIT	18	2016-09-30 - 12:23	over 8 years
1.4.1	MIT	18	2016-09-22 - 11:25	over 8 years
1.4.0	MIT	18	2016-09-15 - 07:25	over 8 years
1.3.15	MIT	18	2017-04-21 - 00:04	about 8 years
1.3.14	MIT	18	2017-03-14 - 18:47	about 8 years
1.3.13	MIT	18	2016-12-06 - 23:53	over 8 years
1.3.12	MIT	18	2016-11-28 - 20:49	over 8 years
1.3.10	MIT	18	2016-11-22 - 19:19	over 8 years
1.3.9	MIT	18	2016-11-16 - 20:57	over 8 years
1.3.8	MIT	18	2016-10-20 - 07:11	over 8 years
1.3.7	MIT	18	2016-09-27 - 10:03	over 8 years

NodeJS/electron/0.2.0

19 Security Vulnerabilities

Impact

Patches

Workarounds

Recommendation

Impact

Workarounds

Fixed Versions

For more information

Impact

Patches

Workarounds

For more information

Impact

Workarounds

Fixed Versions

For more information

Impact

Workarounds

Fixed Versions

For more information

Impact

Workarounds

Fixed Versions

For more information

Impact

Workarounds

Fixed Versions

For more information

Impact

Patches

Workarounds

For more information

Impact

Workarounds

Fixed Versions

Non-Impacted Versions

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Impact

Patches

Workarounds

For more information

Credit

Impact

Workarounds

Fixed Versions

For more information

1464 Other Versions