Improper Access Control in electron

Do your applications use this vulnerable package? Test your applications

Overview

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Access Control. An insufficient policy enforcement flaw was found in the networking component of chromium.

Remediation

Upgrade electron to version 9.4.0, 10.1.7 or higher.

References

Chrome Release Update
Electron - GitHub PR
RedHat Bugzilla Bug

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Credit: Unknown
CVE: CVE-2020-16022
CWE: CWE-284
Snyk ID: SNYK-JS-ELECTRON-1049321
Disclosed: 17 Nov, 2020
Published: 19 Nov, 2020

Improper Access Control
Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7

Overview

Remediation

References

CVSS Score

Improper Access Control Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7

Overview

Remediation

References

Improper Access Control
Affecting electron package, versions <9.4.0 || >=10.0.0 <10.1.7