Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/electron@22.3.24

Type npm

Namespace

Name electron

Version 22.3.24

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 22.3.25

Latest_non_vulnerable_version 27.0.0-beta.8

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-de1j-4qwd-duab

vulnerability_id VCID-de1j-4qwd-duab

summary

ASAR Integrity bypass via filetype confusion in electron
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.

references

reference_url	https://github.com/electron/electron
reference_id
reference_type
scores
url	https://github.com/electron/electron

reference_url	https://github.com/electron/electron/pull/39788
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39788

reference_url	https://www.electronjs.org/docs/latest/tutorial/fuses
reference_id
reference_type
scores
url	https://www.electronjs.org/docs/latest/tutorial/fuses

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-44402
reference_id	CVE-2023-44402
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-44402

reference_url	https://github.com/advisories/GHSA-7m48-wc93-9g85
reference_id	GHSA-7m48-wc93-9g85
reference_type
scores
url	https://github.com/advisories/GHSA-7m48-wc93-9g85

reference_url	https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85
reference_id	GHSA-7m48-wc93-9g85
reference_type
scores
url	https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85

fixed_packages

url	pkg:npm/electron@22.3.24
purl	pkg:npm/electron@22.3.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24

url	pkg:npm/electron@24.8.3
purl	pkg:npm/electron@24.8.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3

url	pkg:npm/electron@25.8.1
purl	pkg:npm/electron@25.8.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1

url	pkg:npm/electron@26.2.1
purl	pkg:npm/electron@26.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1

url	pkg:npm/electron@27.0.0-alpha.7
purl	pkg:npm/electron@27.0.0-alpha.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7

aliases CVE-2023-44402, GHSA-7m48-wc93-9g85

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab

url VCID-k669-cacz-9fcd

vulnerability_id VCID-k669-cacz-9fcd

summary Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. *Note: This advisory was previously also tracked as CVE-2023-5129.*

references

reference_url	https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway
reference_id
reference_type
scores
url	https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway

reference_url	https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
reference_id
reference_type
scores
url	https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/

reference_url	https://blog.isosceles.com/the-webp-0day
reference_id
reference_type
scores
url	https://blog.isosceles.com/the-webp-0day

reference_url	https://bugzilla.suse.com/show_bug.cgi?id=1215231
reference_id
reference_type
scores
url	https://bugzilla.suse.com/show_bug.cgi?id=1215231

reference_url	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
reference_id
reference_type
scores
url	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

reference_url	https://crbug.com/1479274
reference_id
reference_type
scores
url	https://crbug.com/1479274

reference_url	https://en.bandisoft.com/honeyview/history
reference_id
reference_type
scores
url	https://en.bandisoft.com/honeyview/history

reference_url	https://en.bandisoft.com/honeyview/history/
reference_id
reference_type
scores
url	https://en.bandisoft.com/honeyview/history/

reference_url	https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0
reference_id
reference_type
scores
url	https://github.com/dlemstra/Magick.NET/releases/tag/13.3.0

reference_url	https://github.com/electron/electron/pull/39823
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39823

reference_url	https://github.com/electron/electron/pull/39825
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39825

reference_url	https://github.com/electron/electron/pull/39826
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39826

reference_url	https://github.com/electron/electron/pull/39827
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39827

reference_url	https://github.com/electron/electron/pull/39828
reference_id
reference_type
scores
url	https://github.com/electron/electron/pull/39828

reference_url	https://github.com/ImageMagick/ImageMagick/discussions/6664
reference_id
reference_type
scores
url	https://github.com/ImageMagick/ImageMagick/discussions/6664

reference_url	https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc
reference_id
reference_type
scores
url	https://github.com/jaredforth/webp/commit/9d4c56e63abecc777df71c702503c3eaabd7dcbc

reference_url	https://github.com/jaredforth/webp/pull/30
reference_id
reference_type
scores
url	https://github.com/jaredforth/webp/pull/30

reference_url	https://github.com/python-pillow/Pillow/pull/7395
reference_id
reference_type
scores
url	https://github.com/python-pillow/Pillow/pull/7395

reference_url	https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b
reference_id
reference_type
scores
url	https://github.com/qnighy/libwebp-sys2-rs/commit/4560c473a76ec8bd8c650f19ddf9d7a44f719f8b

reference_url	https://github.com/qnighy/libwebp-sys2-rs/pull/21
reference_id
reference_type
scores
url	https://github.com/qnighy/libwebp-sys2-rs/pull/21

reference_url	https://github.com/webmproject/libwebp
reference_id
reference_type
scores
url	https://github.com/webmproject/libwebp

reference_url	https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
reference_id
reference_type
scores
url	https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a

reference_url	https://github.com/webmproject/libwebp/releases/tag/v1.3.2
reference_id
reference_type
scores
url	https://github.com/webmproject/libwebp/releases/tag/v1.3.2

reference_url	https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html

reference_url	https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html

reference_url	https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I

reference_url	https://news.ycombinator.com/item?id=37478403
reference_id
reference_type
scores
url	https://news.ycombinator.com/item?id=37478403

reference_url	https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security
reference_id
reference_type
scores
url	https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html#security

reference_url	https://rustsec.org/advisories/RUSTSEC-2023-0060.html
reference_id
reference_type
scores
url	https://rustsec.org/advisories/RUSTSEC-2023-0060.html

reference_url	https://rustsec.org/advisories/RUSTSEC-2023-0061.html
reference_id
reference_type
scores
url	https://rustsec.org/advisories/RUSTSEC-2023-0061.html

reference_url	https://security.gentoo.org/glsa/202309-05
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202309-05

reference_url	https://security.gentoo.org/glsa/202401-10
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202401-10

reference_url	https://security.netapp.com/advisory/ntap-20230929-0011
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230929-0011

reference_url	https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
reference_id
reference_type
scores
url	https://sethmlarson.dev/security-developer-in-residence-weekly-report-16

reference_url	https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863
reference_id
reference_type
scores
url	https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863

reference_url	https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
reference_id
reference_type
scores
url	https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/

reference_url	https://www.bentley.com/advisories/be-2023-0001
reference_id
reference_type
scores
url	https://www.bentley.com/advisories/be-2023-0001

reference_url	https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks
reference_id
reference_type
scores
url	https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks

reference_url	https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
reference_id
reference_type
scores
url	https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/

reference_url	https://www.debian.org/security/2023/dsa-5496
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5496

reference_url	https://www.debian.org/security/2023/dsa-5497
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5497

reference_url	https://www.debian.org/security/2023/dsa-5498
reference_id
reference_type
scores
url	https://www.debian.org/security/2023/dsa-5498

reference_url	https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
reference_id
reference_type
scores
url	https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

reference_url	https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
reference_id
reference_type
scores
url	https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863

reference_url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
reference_id	CVE-2023-4863
reference_type
scores
url	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863

reference_url	https://security-tracker.debian.org/tracker/CVE-2023-4863
reference_id	CVE-2023-4863
reference_type
scores
url	https://security-tracker.debian.org/tracker/CVE-2023-4863

reference_url	https://github.com/advisories/GHSA-j7hp-h8jx-5ppr
reference_id	GHSA-j7hp-h8jx-5ppr
reference_type
scores
url	https://github.com/advisories/GHSA-j7hp-h8jx-5ppr

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40

reference_id

mfsa2023-40

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40

fixed_packages

url	pkg:npm/electron@22.3.24
purl	pkg:npm/electron@22.3.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24

url	pkg:npm/electron@24.8.3
purl	pkg:npm/electron@24.8.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3

url	pkg:npm/electron@25.8.1
purl	pkg:npm/electron@25.8.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1

url	pkg:npm/electron@26.2.1
purl	pkg:npm/electron@26.2.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1

url	pkg:npm/electron@27.0.0-beta.2
purl	pkg:npm/electron@27.0.0-beta.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-beta.2

aliases CVE-2023-4863, GHSA-j7hp-h8jx-5ppr

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k669-cacz-9fcd

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24

Package Instance