CPE-E8898001-2AD8-4869-9CB2-B2F81A9B9E4F Detail

CPE Details

Electronjs Electron 25.0.0 Alpha 2 for Node.js

Vendor

electronjs

Product

electron

Version

25.0.0

Created

2023-09-11
12h31 +00:00

Modified

2023-09-11
15h16 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:electronjs:electron:25.0.0:alpha2:::*:node.js::

Informations

Vendor

electronjs

Product

electron

Version

25.0.0

Update

alpha2

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-44402	2023-12-01 21h45 +00:00	Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.	7	High
CVE-2023-39956	2023-09-06 20h09 +00:00	Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.	6.6	Medium

Electronjs Electron 25.0.0 Alpha 2 for Node.js

CPE Details

CPE Name: cpe:2.3:a:electronjs:electron:25.0.0:alpha2:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Update

Target Software

Related CVE

CPE Name: cpe:2.3:a:electronjs:electron:25.0.0:alpha2:::*:node.js::