CVE-2021-28119

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-28119
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28119.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-28119
Published
2021-03-09T23:15:11.987Z
Modified
2026-03-14T10:53:13.179080Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

References

Affected packages

Git / github.com/xanderfrangos/twinkle-tray

Affected ranges

Type
GIT
Repo
https://github.com/xanderfrangos/twinkle-tray
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5559960ef7d149730696f3af74f801167b6bc1f4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.13.3"
        }
    ]
}

Affected versions

v.*
v.1.6.1
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.10.0-beta0
v1.10.0-stable
v1.10.1
v1.10.2
v1.10.3-beta1
v1.10.3-beta2
v1.11.0
v1.11.2
v1.11.3
v1.11.4
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.5.0
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.9.0
v1.9.1
v1.9.1-beta1
v1.9.1-beta2
v1.9.2-beta1
v1.9.2-beta2
v1.9.2-beta3
v1.9.2-beta4
v1.9.2-beta6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28119.json"