PT-2021-7285 · Electron · Electron

Marshallofsound · Published 2021-10-12 · Updated 2022-08-05 · CVE-2021-39184

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Electron versions prior to 11.5.0 (11.x release line and older)
Electron versions prior to 12.1.0 (12.x release line)
Electron versions prior to 13.3.0 (13.x release line)
The fix shipped in 11.5.0, 12.1.0 and 13.3.0; each release line before its own fixed version is affected.
Description
A vulnerability in Electron allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can include significant parts of the original file, in many cases including readable textual content, so a renderer that should be confined to its sandbox can read files it was never authorized to access. The issue lies in the createThumbnailFromPath API of the nativeImage module and results in disclosure of protected information (confidentiality impact only; no integrity or availability impact, as the CVSS vector reflects).
Recommendations
Upgrade to a fixed release: 11.5.0 or later for the 11.x line, 12.1.0 or later for the 12.x line, and 13.3.0 or later for the 13.x line.
As a temporary mitigation, enable contextIsolation in the app's webPreferences; this makes the vulnerability significantly harder to exploit but does not remove it, so it is not a substitute for upgrading.
If the app does not depend on the createThumbnailFromPath API, disable it by deleting require('electron').nativeImage.createThumbnailFromPath in the main process before the app's 'ready' event, so that no renderer can reach the API at all.
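The following main-process helper applies both mitigations listed above and adds a version check against the affected ranges on this page. It is an added example written for this entry, not code from Electron or from the advisory. The function names (isAffected, disableThumbnailApi, auditWebPreferences) and the decision to treat Electron majors not named here (14 and later) as outside this advisory's scope are assumptions of the example; the electron module object is passed in as a parameter so the logic can be exercised offline against a stub.

```javascript
// Added example (not Electron's own code): hardening helper for CVE-2021-39184.
// Takes the electron module object as a parameter so it can be tested offline
// against a stub; in a real app pass require('electron').

// Fixed versions named by the advisory. Anything older within the same major
// release line is affected; majors below 11 are covered by "prior to 11.5.0".
const FIXED = { 11: [11, 5, 0], 12: [12, 1, 0], 13: [13, 3, 0] };

function parseVersion(v) {
  // "13.2.3" or "v13.2.3-beta.1" -> [13, 2, 3]; pre-release tags are ignored.
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// True when the version falls inside an affected range listed in the advisory.
// Assumption: majors >= 14 are not mentioned on this page, so they return false.
function isAffected(version) {
  const v = parseVersion(version);
  if (v[0] < 11) return true;                  // "prior to 11.5.0"
  const fixed = FIXED[v[0]];
  return fixed ? cmp(v, fixed) < 0 : false;
}

// Second workaround from the advisory: remove createThumbnailFromPath from
// nativeImage before 'ready'. Returns true if the API was present and is now gone.
function disableThumbnailApi(electron) {
  const img = electron && electron.nativeImage;
  if (!img || typeof img.createThumbnailFromPath !== 'function') return false;
  delete img.createThumbnailFromPath;
  return typeof img.createThumbnailFromPath === 'undefined';
}

// First workaround: contextIsolation. Returns the webPreferences settings that
// weaken renderer isolation. contextIsolation left unset relies on the default,
// which is false before Electron 12 and true from 12 on.
function auditWebPreferences(prefs, electronMajor) {
  const issues = [];
  const ci = prefs.contextIsolation;
  if (ci === false || (ci === undefined && electronMajor < 12)) {
    issues.push('contextIsolation disabled');
  }
  if (prefs.sandbox === false) issues.push('sandbox disabled');
  if (prefs.nodeIntegration === true) issues.push('nodeIntegration enabled');
  return issues;
}

const HARDENED_WEB_PREFERENCES = Object.freeze({
  contextIsolation: true,   // renderer page scripts cannot reach preload globals
  sandbox: true,
  nodeIntegration: false,
});

// Wire-up for a real main process. Skipped under plain Node, where either
// require('electron') fails or returns the binary path rather than the API.
let electron = null;
try { electron = require('electron'); } catch (_) { /* not running in Electron */ }
if (electron && electron.app && typeof electron.app.whenReady === 'function') {
  const ver = process.versions.electron;
  if (isAffected(ver)) {
    console.warn(`Electron ${ver} is in an affected range: apply mitigations or upgrade`);
  }
  disableThumbnailApi(electron);             // must run before the 'ready' event
  electron.app.whenReady().then(() => {
    new electron.BrowserWindow({ webPreferences: HARDENED_WEB_PREFERENCES });
  });
}

module.exports = { parseVersion, isAffected, disableThumbnailApi, auditWebPreferences, HARDENED_WEB_PREFERENCES };
```

Place this in the main-process entry file so the deletion runs before app 'ready'; deleting the function later is useless, because a renderer may already have been created. The version check is advisory only: an app that cannot upgrade immediately still needs both workarounds, and even then the advisory describes contextIsolation as making exploitation harder, not impossible.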

Fix

Weakness Enumeration

Missing Authorization
Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-05149
CVE-2021-39184
GHSA-mpjm-v997-c4h4

Affected Products

Electron