CVE-2021-28119

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-28119

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28119.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-28119

Published

2021-03-09T23:15:11.987Z

Modified

2026-05-06T12:20:22.303024Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

References

https://github.com/xanderfrangos/twinkle-tray/issues/142

Affected packages

Git / github.com/xanderfrangos/twinkle-tray

Affected ranges

Type

GIT

Repo

https://github.com/xanderfrangos/twinkle-tray

Events

Introduced

Last affected

5559960ef7d149730696f3af74f801167b6bc1f4

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.3"
        }
    ],
    "cpe": "cpe:2.3:a:twinkletray:twinkle_tray:*:*:*:*:*:*:*:*"
}

Affected versions

v.*

v.1.6.1

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.10.0-beta0

v1.10.0-stable

v1.10.1

v1.10.2

v1.10.3-beta1

v1.10.3-beta2

v1.11.0

v1.11.2

v1.11.3

v1.11.4

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.5.0

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.9.0

v1.9.1

v1.9.1-beta1

v1.9.1-beta2

v1.9.2-beta1

v1.9.2-beta2

v1.9.2-beta3

v1.9.2-beta4

v1.9.2-beta6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28119.json"