![]() If you are an organization using Chocolatey, we want your experience to be fully reliable.ĭue to the nature of this publicly offered repository, reliability cannot be guaranteed. Human moderators who give final review and sign off.Security, consistency, and quality checking.ModerationĮvery version of each package undergoes a rigorous moderation process before it goes live that typically includes: If an API exposed to the main world via contextBridge has a return value that throws a user-generated exception while being sent over the bridge, such as a dynamic getter property on an object that throws an error when being computed.Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community. This would normally result in an Error: object could not be cloned exception being thrown. If an API exposed to the main world via contextBridge can return an object or array that contains a JS object that cannot be serialized, such as a canvas rendering context. This issue is exploitable under either of two conditions: Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.Īffected versions of this package are vulnerable to Improper Access Control via nested unserializable return value when using contextIsolation and contextBridge are affected.Įxploiting this vulnerability allows code running in the main world context in the renderer to reach into the isolated Electron context and perform privileged actions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |