How severe is CVE-2021-39184?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2021-39184?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2021-39184 - HIGH Severity | CVSS 8.6

Vulnerability Description

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.

Related Vulnerabilities

CVE-2020-11303

HIGH

CVSS:8.6(High)

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap...

CWE-6682020

CVE-2018-8861

HIGH

CVSS:8.7(High)

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brill...

CWE-6682018

CVE-2023-26458

HIGH

CVSS:8.7(High)

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to ot...

CWE-6682023

CVE-2024-43704

HIGH

CVSS:8.4(High)

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.

CWE-6682024

CVE-2016-10840

HIGH

CVSS:8.8(High)

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).

CWE-6682016

CVE-2017-0367

HIGH

CVSS:8.8(High)

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

CWE-6682017