new vulnerability in electron

AikidoSec · Feb 27, 2025 · c5b9819 · c5b9819
1 parent 3a180aa
commit c5b9819
Showing 1 changed file with 27 additions and 13 deletions.
diff --git a/input/new.json b/input/new.json
@@ -1,15 +1,29 @@
 {
-  "package_name": "",
-  "patch_versions": [],
-  "vulnerable_ranges": [],
-  "cwe": [],
-  "tldr": "",
-  "doest_this_affect_me": "",
-  "how_to_fix": "",
-  "vulnerable_to": "",
-  "related_cve_id": "",
-  "language": "",
-  "severity_class": "",
-  "aikido_score": 0,
-  "changelog": ""
+  "package_name": "electron",
+  "patch_versions": [
+    "32.3.2",
+    "33.4.2"
+  ],
+  "vulnerable_ranges": [
+    [
+      "32.0.0",
+      "32.3.1"
+    ],
+    [
+      "33.0.0",
+      "33.4.1"
+    ]
+  ],
+  "cwe": [
+    "CWE-122"
+  ],
+  "tldr": "Affected versions of this package are affected by a heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `electron` library to a patch version.",
+  "vulnerable_to": "Heap Buffer Overflow",
+  "related_cve_id": "CVE-2025-0999",
+  "language": "JS",
+  "severity_class": "HIGH",
+  "aikido_score": 88,
+  "changelog": "https://github.com/electron/electron/releases/tag/v33.4.2"
 }