Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update electron library to 26.2.4 to mitigate High vulnerability CVE-2023-5217 #322

Closed
KenMillard-Steampunk opened this issue Dec 14, 2023 · 0 comments
Closed

Update electron library to 26.2.4 to mitigate High vulnerability CVE-2023-5217 #322

KenMillard-Steampunk opened this issue Dec 14, 2023 · 0 comments

Comments

@KenMillard-Steampunk
Copy link

KenMillard-Steampunk commented Dec 14, 2023
edited

Describe the bug
Based on Trivy scan of project's SBOM, the current version of the electron library used for this project is outdated (26.2.2) and must be updated to at least 26.2.4 to mitigate a high vulnerability.

Desktop (please complete the following information):

  • OS: Windows 11 64 bit
  • Version 3.5.1

To Reproduce
Steps to reproduce the behavior:

  1. In GitHub, go to Insights > Dependencies > Export SBOM.

  2. Then, install Trivy (https://aquasecurity.github.io/trivy/v0.33/docs/sbom/spdx/) and run this command:
    trivy sbom {name of sbom}.json

Screenshots
If applicable, add screenshots to help explain your problem.

image
@KenMillard-Steampunk KenMillard-Steampunk changed the title Update electron library to 22.3.25 to mitigate High vulnerability CVE-2023-5217 Update electron library to 26.2.4 to mitigate High vulnerability CVE-2023-5217 Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ferllings @KenMillard-Steampunk