Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@13.3.0
Typenpm
Namespace
Nameelectron
Version13.3.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version13.6.6
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-j3za-9wj7-vkd7
vulnerability_id VCID-j3za-9wj7-vkd7
summary 
Exposure of Resource to Wrong Sphere
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability allows a sandboxed renderer to request a `thumbnail` image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-39184
reference_id
reference_type
scores
0
value 0.00366
scoring_system epss
scoring_elements 0.58877
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-39184
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/pull/30728
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/30728
3
reference_url https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f
4
reference_url https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-39184
reference_id CVE-2021-39184
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-39184
fixed_packages
0
url pkg:npm/electron@11.5.0
purl pkg:npm/electron@11.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@11.5.0
1
url pkg:npm/electron@12.1.0
purl pkg:npm/electron@12.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@12.1.0
2
url pkg:npm/electron@13.3.0
purl pkg:npm/electron@13.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@13.3.0
3
url pkg:npm/electron@15.1.0
purl pkg:npm/electron@15.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@15.1.0
aliases CVE-2021-39184, GHSA-mpjm-v997-c4h4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3za-9wj7-vkd7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@13.3.0