Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e5ej-zf6n-suf5
Summary
Always-Incorrect Control Flow Implementation
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A `Content-Security-Policy` that disables eval, specifically one that sets a `script-src` directive and does _not_ provide `unsafe-eval` in that directive, is not respected in renderers that have the sandbox disabled, i.e. `sandbox: false` in the `webPreferences` object. This unexpectedly allows the use of methods like `eval()` and `new Function`, which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2. We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
Aliases
0
alias CVE-2023-23623
1
alias GHSA-gxh7-wv9q-fwfr
Fixed_packages
0
url pkg:npm/electron@22.0.1
purl pkg:npm/electron@22.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-f81v-9fv8-93cd
3
vulnerability VCID-j7d6-zp3s-67fq
4
vulnerability VCID-qd52-rbd7-qkbn
5
vulnerability VCID-vdzj-kqfy-d3b7
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.1
1
url pkg:npm/electron@23.0.0-alpha.2
purl pkg:npm/electron@23.0.0-alpha.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-j7d6-zp3s-67fq
3
vulnerability VCID-qd52-rbd7-qkbn
4
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.2
Affected_packages
0
url pkg:npm/electron@22.0.0-beta.1
purl pkg:npm/electron@22.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.1
1
url pkg:npm/electron@22.0.0-beta.2
purl pkg:npm/electron@22.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.2
2
url pkg:npm/electron@22.0.0-beta.3
purl pkg:npm/electron@22.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.3
3
url pkg:npm/electron@22.0.0-beta.4
purl pkg:npm/electron@22.0.0-beta.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.4
4
url pkg:npm/electron@22.0.0-beta.5
purl pkg:npm/electron@22.0.0-beta.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.5
5
url pkg:npm/electron@22.0.0-beta.6
purl pkg:npm/electron@22.0.0-beta.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.6
6
url pkg:npm/electron@22.0.0-beta.7
purl pkg:npm/electron@22.0.0-beta.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.7
7
url pkg:npm/electron@22.0.0-beta.8
purl pkg:npm/electron@22.0.0-beta.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0-beta.8
8
url pkg:npm/electron@22.0.0
purl pkg:npm/electron@22.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-f81v-9fv8-93cd
4
vulnerability VCID-j7d6-zp3s-67fq
5
vulnerability VCID-qd52-rbd7-qkbn
6
vulnerability VCID-vdzj-kqfy-d3b7
7
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.0.0
9
url pkg:npm/electron@23.0.0-alpha.1
purl pkg:npm/electron@23.0.0-alpha.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7eu1-94qk-nuar
1
vulnerability VCID-a795-r67e-p3ck
2
vulnerability VCID-e5ej-zf6n-suf5
3
vulnerability VCID-j7d6-zp3s-67fq
4
vulnerability VCID-qd52-rbd7-qkbn
5
vulnerability VCID-w7f7-5frp-n3br
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.0.0-alpha.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23623
reference_id
reference_type
scores
0
value 0.00501
scoring_system epss
scoring_elements 0.6595
published_at 2026-04-02T12:55:00Z
1
value 0.00501
scoring_system epss
scoring_elements 0.66021
published_at 2026-04-21T12:55:00Z
2
value 0.00501
scoring_system epss
scoring_elements 0.66034
published_at 2026-04-18T12:55:00Z
3
value 0.00501
scoring_system epss
scoring_elements 0.6602
published_at 2026-04-16T12:55:00Z
4
value 0.00501
scoring_system epss
scoring_elements 0.65985
published_at 2026-04-13T12:55:00Z
5
value 0.00501
scoring_system epss
scoring_elements 0.66015
published_at 2026-04-12T12:55:00Z
6
value 0.00501
scoring_system epss
scoring_elements 0.66028
published_at 2026-04-11T12:55:00Z
7
value 0.00501
scoring_system epss
scoring_elements 0.66009
published_at 2026-04-09T12:55:00Z
8
value 0.00501
scoring_system epss
scoring_elements 0.65997
published_at 2026-04-08T12:55:00Z
9
value 0.00501
scoring_system epss
scoring_elements 0.65946
published_at 2026-04-07T12:55:00Z
10
value 0.00501
scoring_system epss
scoring_elements 0.6598
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23623
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://github.com/electron/electron/commit/9e7fbc7021d8d716c43782249a552e55289c35db
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/commit/9e7fbc7021d8d716c43782249a552e55289c35db
3
reference_url https://github.com/electron/electron/pull/36667
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/36667
4
reference_url https://github.com/electron/electron/pull/36668
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/pull/36668
5
reference_url https://github.com/electron/electron/releases/tag/v22.0.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron/releases/tag/v22.0.1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23623
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23623
7
reference_url https://github.com/advisories/GHSA-gxh7-wv9q-fwfr
reference_id GHSA-gxh7-wv9q-fwfr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gxh7-wv9q-fwfr
8
reference_url https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr
reference_id GHSA-gxh7-wv9q-fwfr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-26T17:45:10Z/
url https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 670
name Always-Incorrect Control Flow Implementation
description The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ej-zf6n-suf5