CVE-2021-28119
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-28119
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28119.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-28119
- Published
- 2021-03-09T23:15:11Z
- Modified
- 2025-02-14T11:23:40.379188Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
- References
Affected packages
Git / github.com/xanderfrangos/twinkle-tray
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xanderfrangos/twinkle-tray
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v.*
v.1.6.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.10.0-beta0
v1.10.0-stable
v1.10.1
v1.10.2
v1.10.3-beta1
v1.10.3-beta2
v1.11.0
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.5.0
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.9.0
v1.9.1
v1.9.1-beta1
v1.9.1-beta2
v1.9.2-beta1
v1.9.2-beta2
v1.9.2-beta3
v1.9.2-beta4
v1.9.2-beta6