ever-co/ever-gauzy
Ready to fix your vulnerabilities? Automatically find, fix, and monitor vulnerabilities for free with Snyk.
Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.1.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Type Confusion via crafted HTML content. This can be exploited to escape the v8 sandbox and execute arbitrary code on the operating system.
Remediation
Upgrade electron to version 31.7.1, 32.2.1 or higher.
References
critical severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-Bounds Write via the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.4.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Improper Access Control due to an inappropriate implementation in Extensions. An attacker can bypass site isolation.
Remediation
Upgrade electron to version 31.7.4, 32.2.3 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can access memory locations outside the intended boundary by crafting a malicious HTML page that triggers the flaw.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via a crafted HTML page. An attacker can perform an out of bounds memory write by sending a specially crafted HTML content.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Skia.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.3.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Read via a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.
Remediation
Upgrade electron to version 32.3.3, 33.4.3 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.7.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting a malicious HTML page.
Remediation
Upgrade electron to version 31.7.7 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.0.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Write through a crafted HTML page. An attacker can execute arbitrary code inside a sandbox by crafting malicious HTML content.
Remediation
Upgrade electron to version 32.3.0 or higher.
References
high severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Write via a crafted HTML page. An attacker can potentially exploit heap corruption by sending a specially crafted HTML page to the victim.
Remediation
Upgrade electron to version 32.3.2, 33.4.2 or higher.
References
high severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Write through crafted HTML pages. An attacker can exploit heap corruption by sending a specially crafted HTML page to the victim.
Remediation
Upgrade electron to version 32.3.2, 33.4.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.0.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Type Confusion in v8 engine.
Remediation
Upgrade electron to version 32.3.0 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free via the Dawn component. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free via the WebAudio process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.5.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free via the Serial process. An attacker can potentially exploit heap corruption.
Remediation
Upgrade electron to version 31.7.5, 32.2.5 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.7.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free via the Compositing process. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.
Remediation
Upgrade electron to version 31.7.7 or higher.
References
high severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@33.4.3.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free through the V8 engine. An attacker can potentially exploit heap corruption by crafting a malicious HTML page.
Remediation
Upgrade electron to version 33.4.3 or higher.
References
high severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.3.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Use After Free through the V8 engine.
Remediation
Upgrade electron to version 32.3.3, 33.4.3 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.4.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Write in Dawn.
Remediation
Upgrade electron to version 31.7.4, 32.2.3 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.1.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Type Confusion in InferHasInPrototypeChain of the V8 engine.
Remediation
Upgrade electron to version 31.7.1, 32.2.1 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Type Confusion via the V8 engine.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
high severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-bounds Read in Skia.
Remediation
Upgrade electron to version 31.7.2, 32.2.2 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.4.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.
Remediation
Upgrade electron to version 31.7.4, 32.2.3 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.2.3.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via a crafted HTML page. An attacker can potentially exploit heap corruption.
Remediation
Upgrade electron to version 32.2.3 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.5.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Access Restriction Bypass due to an inappropriate implementation in the Extensions feature. An attacker can bypass site isolation.
Remediation
Upgrade electron to version 31.7.5, 32.2.5, 33.2.1 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in Fonts.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the V8 engine.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
medium severity
new
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@32.3.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow in v8, when processing a very large number of parameters.
Remediation
Upgrade electron to version 32.3.2, 33.4.2 or higher.
References
medium severity
- Vulnerable module: electron
- Introduced through: electron@30.5.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › electron@30.5.1Remediation: Upgrade to electron@31.7.2.
Overview
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Type Confusion. An attacker can access memory locations outside of the intended bounds by crafting a malicious HTML page that triggers type confusion in the V8 engine.
Remediation
Upgrade electron to version 31.7.2 or higher.
References
medium severity
- Vulnerable module: inflight
- Introduced through: bcrypt@5.1.1
Detailed paths
-
Introduced through: ever-gauzy@ever-co/ever-gauzy#43af504978f46dc6a20d99ef72577c736a6b1859 › bcrypt@5.1.1 › @mapbox/node-pre-gyp@1.0.11 › rimraf@3.0.2 › glob@7.2.3 › inflight@1.0.6
Overview
Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the makeres function due to improperly deleting keys from the reqs object after execution of callbacks. This behavior causes the keys to remain in the reqs object, which leads to resource exhaustion.
Exploiting this vulnerability results in crashing the node process or in the application crash.
Note: This library is not maintained, and currently, there is no fix for this issue. To overcome this vulnerability, several dependent packages have eliminated the use of this library.
To trigger the memory leak, an attacker would need to have the ability to execute or influence the asynchronous operations that use the inflight module within the application. This typically requires access to the internal workings of the server or application, which is not commonly exposed to remote users. Therefore, “Attack vector” is marked as “Local”.
PoC
const inflight = require('inflight');
function testInflight() {
let i = 0;
function scheduleNext() {
let key = `key-${i++}`;
const callback = () => {
};
for (let j = 0; j < 1000000; j++) {
inflight(key, callback);
}
setImmediate(scheduleNext);
}
if (i % 100 === 0) {
console.log(process.memoryUsage());
}
scheduleNext();
}
testInflight();
Remediation
There is no fixed version for inflight.