@electron/packager@18.3.0 vulnerabilities

Customize and package your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI

Direct Vulnerabilities

Known vulnerabilities in the @electron/packager package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (High severity): Exposure of Sensitive System Information to an Unauthorized Control Sphere

@electron/packager is a package that customizes and packages your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI.

Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the resedit() function in resedit.ts, which can embed a random segment of heap memory in the packaged executable. An attacker can access up to 10kb of memory adjacent to the integrity buffer.

How to fix Exposure of Sensitive System Information to an Unauthorized Control Sphere?

Upgrade @electron/packager to version 18.3.1 or higher.

Vulnerable versions: >=18.3.0 <18.3.1