Affected versions of this package are vulnerable to Arbitrary Code Execution due to Node being enabled in a webview because the default values of
webviewTag were set to
true when they where undefined by a user. The fix allows users to prevent Node and webview being enabled, when undefined, by setting the default values of
electron to version 5.0.0-beta.1 or higher.
- Snyk ID
- 07 Jan, 2019
- 11 Nov, 2019