Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@27.0.0-alpha.7
Typenpm
Namespace
Nameelectron
Version27.0.0-alpha.7
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version27.0.0-beta.2
Latest_non_vulnerable_version27.0.0-beta.8
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-de1j-4qwd-duab
vulnerability_id VCID-de1j-4qwd-duab
summary 
ASAR Integrity bypass via filetype confusion in electron
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against.
references
0
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
url https://github.com/electron/electron
1
reference_url https://github.com/electron/electron/pull/39788
reference_id
reference_type
scores
url https://github.com/electron/electron/pull/39788
2
reference_url https://www.electronjs.org/docs/latest/tutorial/fuses
reference_id
reference_type
scores
url https://www.electronjs.org/docs/latest/tutorial/fuses
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-44402
reference_id CVE-2023-44402
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-44402
4
reference_url https://github.com/advisories/GHSA-7m48-wc93-9g85
reference_id GHSA-7m48-wc93-9g85
reference_type
scores
url https://github.com/advisories/GHSA-7m48-wc93-9g85
5
reference_url https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85
reference_id GHSA-7m48-wc93-9g85
reference_type
scores
url https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85
fixed_packages
0
url pkg:npm/electron@22.3.24
purl pkg:npm/electron@22.3.24
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.24
1
url pkg:npm/electron@24.8.3
purl pkg:npm/electron@24.8.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.8.3
2
url pkg:npm/electron@25.8.1
purl pkg:npm/electron@25.8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.8.1
3
url pkg:npm/electron@26.2.1
purl pkg:npm/electron@26.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@26.2.1
4
url pkg:npm/electron@27.0.0-alpha.7
purl pkg:npm/electron@27.0.0-alpha.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7
aliases CVE-2023-44402, GHSA-7m48-wc93-9g85
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-de1j-4qwd-duab
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@27.0.0-alpha.7