How severe is CVE-2023-29198?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.5 out of 10.

What type of vulnerability is CVE-2023-29198?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2023-29198 - HIGH Severity | CVSS 8.5

Vulnerability Description

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.

Related Vulnerabilities

CVE-2018-20840

HIGH

CVSS:8.6(High)

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recove...

CWE-7542018

CVE-2019-15989

HIGH

CVSS:8.6(High)

A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) con...

CWE-7542019

CVE-2019-6831

HIGH

CVSS:8.6(High)

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active conn...

CWE-7542019

CVE-2020-3480

HIGH

CVSS:8.6(High)

Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through th...

CWE-7542020

CVE-2021-39162

HIGH

CVSS:8.6(High)

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead...

CWE-7542021

CVE-2022-20837

HIGH

CVSS:8.6(High)

A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to c...

CWE-7542022