Improper Input Validation in electron

Do your applications use this vulnerable package? Test your applications

Overview

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Input Validation. An insufficient data validation flaw was found in the WASM component of the Chromium browser.

Remediation

Upgrade electron to version 9.4.0, 10.1.7 or higher.

References

Chrome Release Update
GitHub Commit
RedHat Bugzilla Bug

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Credit: Unknown
CVE: CVE-2020-16015
CWE: CWE-20
Snyk ID: SNYK-JS-ELECTRON-1049323
Disclosed: 17 Nov, 2020
Published: 19 Nov, 2020

Improper Input Validation
Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7

Overview

Remediation

References

CVSS Score

Improper Input Validation Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7

Overview

Remediation

References

Improper Input Validation
Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7