<p>Upgrade <code>electron</code> to version 26.6.6, 27.2.3, 28.1.4 or higher.</p>

=28.0.0 <28.1.4

Snyk CVSS

Attack Complexity Low

Integrity High

Threat Intelligence

Social Trends Trending on Twitter

EPSS 0.08% (34^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-ELECTRON-6173171
published 18 Jan 2024
disclosed 17 Jan 2024
credit Toan (suto) Pham

Report a new vulnerability Found a mistake?

Introduced: 17 Jan 2024

CVE-2024-0517 Open this link in a new tab CWE-787 Open this link in a new tab

How to fix?

Upgrade electron to version 26.6.6, 27.2.3, 28.1.4 or higher.

Overview

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Out-of-bounds Write allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Note: The Stable channel has been updated to 120.0.6099.234 for Mac devices.