Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/electron@23.2.3
Typenpm
Namespace
Nameelectron
Version23.2.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version24.7.1
Latest_non_vulnerable_version42.0.0-alpha.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-73qk-x8vr-sfdp
vulnerability_id VCID-73qk-x8vr-sfdp
summary 
Improper Check for Unusual or Exceptional Conditions
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29198
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.3699
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29198
1
reference_url https://github.com/electron/electron
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/electron/electron
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29198
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29198
3
reference_url https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/
url https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support
4
reference_url https://github.com/advisories/GHSA-p7v2-p9m8-qqg7
reference_id GHSA-p7v2-p9m8-qqg7
reference_type
scores
url https://github.com/advisories/GHSA-p7v2-p9m8-qqg7
5
reference_url https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7
reference_id GHSA-p7v2-p9m8-qqg7
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:44:07Z/
url https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7
fixed_packages
0
url pkg:npm/electron@22.3.6
purl pkg:npm/electron@22.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@22.3.6
1
url pkg:npm/electron@23.2.3
purl pkg:npm/electron@23.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3
2
url pkg:npm/electron@24.0.1
purl pkg:npm/electron@24.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@24.0.1
3
url pkg:npm/electron@25.0.0-alpha.2
purl pkg:npm/electron@25.0.0-alpha.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@25.0.0-alpha.2
aliases CVE-2023-29198, GHSA-p7v2-p9m8-qqg7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73qk-x8vr-sfdp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/electron@23.2.3