electron@12.0.0-beta.5

Vulnerabilities

1 via 1 paths

Dependencies

86

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Information Exposure

  • Vulnerable module: electron
  • Introduced through: electron@12.0.0-beta.5

Detailed paths

  • Introduced through: electron@12.0.0-beta.5
    Remediation: Upgrade to electron@12.0.0.

Overview

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Information Exposure. IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.

Remediation

Upgrade electron to version 9.4.0, 10.2.0, 11.1.0, 12.0.0-beta.9 or higher.

References