Detections
Analytics

SCA: security update for electron (GHSA-77xc-hjv8-ww97)

high Tenable Self-Hosted Container Security Plugin ID 411920

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

 - Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and
 CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who
 have control over a given apps update server / update storage to serve maliciously crafted update packages
 that pass the code signing validation check but contain malicious code in some components. This kind of
 attack would require significant privileges in a potential victim's own auto updating infrastructure and
 the ease of that attack entirely depends on the potential victim's infrastructure security. Electron
 versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known
 workarounds. (CVE-2022-29257)

See Also

https://github.com/advisories/GHSA-77xc-hjv8-ww97

Plugin Details

Severity: High

ID: 411920

Version: Revision 1.5

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 6/1/2026

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2022-29257

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/16/2022

Vulnerability Publication Date: 6/13/2022

Reference Information

CVE: CVE-2022-29257

cwe: CWE-20