[Snyk] Security upgrade electron from 15.5.7 to 33.4.6 #29

TheRedHatter · 2025-03-20T17:40:40Z

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

doc/js_tutorials/js_assets/webnn-electron/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-ELECTRON-9486047	721

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Access of Resource Using Incompatible Type ('Type Confusion')

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-9486047

TheRedHatter · 2025-03-20T18:00:42Z

Checkmarx One – Scan Summary & Details – 36a758aa-b709-4dae-9ee7-db9e9221ec9b

New Issues (79)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2017-1000487	Maven-org.codehaus.plexus:plexus-utils-3.0	details Recommended version: 3.0.24 Description: Plexus-utils versions prior to 3.0.16 are vulnerable to command injection because it does not correctly process the contents of double quoted strings. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2018-7712	Python-opencv-python-4.5.5.64	details Description: DISPUTED The validateInputImageSize function in `modules/imgcodecs/src/loadsave.cpp` in OpenCV allows remote attackers to cause a denial of s... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2018-7713	Python-opencv-python-4.5.5.64	details Description: DISPUTED The "validateInputImageSize" function in "modules/imgcodecs/src/loadsave.cpp" in OpenCV allows remote attackers to cause a denial of... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2019-9423	Python-opencv-python-4.5.5.64	details Description: In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of priv... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
CVE-2021-35515	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: When reading a specially crafted 7Z archive before 1.21, the construction of the list of codecs that decompress an entry can result in an infinite ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2021-35516	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: When reading a specially crafted 7Z archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of m... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2021-35517	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: When reading a specially crafted TAR archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2021-36090	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: When reading a specially crafted ZIP archive, Compress before 1.21 can be made to allocate large amounts of memory that finally leads to an out of ... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2021-37714	Maven-org.jsoup:jsoup-1.6.1	details Recommended version: 1.15.3 Description: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS a... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2022-4244	Maven-org.codehaus.plexus:plexus-utils-3.0	details Recommended version: 3.0.24 Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outs... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2023-2618	Cpp-opencv-4.5.5	details Recommended version: 4.5.5-openvino-2022.1.0 Description: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module versions prior to 4.8.0. Affected by this issue... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2023-2618	Cpp-opencv-3.4.20	details Recommended version: 4.8.0 Description: A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module versions prior to 4.8.0. Affected by this issue... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-1603	Python-paddlepaddle-2.6.2	details Recommended version: 3.0.0rc1 Description: The package PaddlePaddle/Paddle allows arbitrary file read via "paddle.vision.ops.read_file". Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-47554	Maven-commons-io:commons-io-2.4	details Recommended version: 2.11.0.redhat-00004 Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The "org.apache.commons.io.input.XmlStreamReader" class may excessively consu... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
Cxdca8e59f-8bfe	Npm-inflight-1.0.6	details Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
Missing User Instruction	/Dockerfile: 1	details A user should be specified in the dockerfile, otherwise the image will run as root
Missing User Instruction	/Dockerfile-ffmpeg: 1	details A user should be specified in the dockerfile, otherwise the image will run as root
Resource_Injection	/apps/visualisation/opencv_visualisation.cpp: 82	details The application's method, at line 119 of /apps/visualisation/opencv_visualisation.cpp, opens a resource using potentially tainted values provided ... Attack Vector
Resource_Injection	/apps/visualisation/opencv_visualisation.cpp: 82	details The application's method, at line 178 of /apps/visualisation/opencv_visualisation.cpp, opens a resource using potentially tainted values provided ... Attack Vector
Resource_Injection	/apps/visualisation/opencv_visualisation.cpp: 82	details The application's method, at line 119 of /apps/visualisation/opencv_visualisation.cpp, opens a resource using potentially tainted values provided ... Attack Vector
Resource_Injection	/apps/visualisation/opencv_visualisation.cpp: 82	details The application's method, at line 178 of /apps/visualisation/opencv_visualisation.cpp, opens a resource using potentially tainted values provided ... Attack Vector
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
Apt Get Install Pin Version Not Defined	/Dockerfile-ffmpeg: 3	details When installing a package, its pin version should be defined
CVE-2012-6153	Maven-commons-httpclient:commons-httpclient-3.1	details Description: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain na... Attack Vector: NETWORK Attack Complexity: MEDIUM Vulnerable Package
CVE-2015-6748	Maven-org.jsoup:jsoup-1.6.1	details Recommended version: 1.15.3 Description: Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2018-11771	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
CVE-2020-13956	Maven-commons-httpclient:commons-httpclient-3.1	details Description: Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong ta... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2020-15250	Maven-junit:junit-4.11	details Recommended version: 4.13.1 Description: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like sys... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
CVE-2021-29425	Maven-commons-io:commons-io-2.4	details Recommended version: 2.11.0.redhat-00004 Description: In Apache Commons IO from 2.2 up to 2.6, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
CVE-2022-36033	Maven-org.jsoup:jsoup-1.6.1	details Recommended version: 1.15.3 Description: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2022-4245	Maven-org.codehaus.plexus:plexus-utils-3.0	details Recommended version: 3.0.24 Description: A flaw was found in codehaus-plexus versions prior to 3.0.24. The 'org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment' fails to sanitize comme... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-25710	Maven-org.apache.commons:commons-compress-1.4.1	details Recommended version: 1.26.0 Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress 1.3 thr... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
CVE-2024-4940	Python-gradio-5.22.0	details Description: An Open Redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect user... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
CVE-2024-55459	Python-keras-3.9.0	details Description: n issue in keras 3.0.0 and after allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the "ge... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
Divide_By_Zero	/3rdparty/libwebp/src/enc/picture_psnr_enc.c: 128	details The application performs an illegal operation in , in /3rdparty/libwebp/src/enc/picture_psnr_enc.c. In line 128, the program attempts to divide by ... Attack Vector
Divide_By_Zero	/3rdparty/libwebp/src/enc/webp_enc.c: 268	details The application performs an illegal operation in , in /3rdparty/libwebp/src/enc/webp_enc.c. In line 268, the program attempts to divide by err, whi... Attack Vector
Divide_By_Zero	/3rdparty/libwebp/src/utils/huffman_encode_utils.c: 96	details The application performs an illegal operation in , in /3rdparty/libwebp/src/utils/huffman_encode_utils.c. In line 113, the program attempts to divi... Attack Vector
Divide_By_Zero	/3rdparty/libwebp/src/enc/picture_tools_enc.c: 57	details The application performs an illegal operation in , in /3rdparty/libwebp/src/enc/picture_tools_enc.c. In line 72, the program attempts to divide by ... Attack Vector

More results are available on the CxOne platform

Fixed Issues (683)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 1111
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 1110
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 984
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 983
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 982
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 981
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 980
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 979
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 978
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 977
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 889
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 888
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 884
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 878
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 877
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 721
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 720
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 719
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 718
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 717
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 704
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 703
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 702
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 701
	~~Buffer_Improper_Index_Access~~	/modules/video/src/variational_refinement.cpp: 700
	~~Buffer_Improper_Index_Access~~	/modules/imgproc/src/subdivision2d.cpp: 635
	~~Buffer_Improper_Index_Access~~	/modules/imgproc/src/subdivision2d.cpp: 615
	~~Buffer_Improper_Index_Access~~	/modules/imgproc/src/morph.dispatch.cpp: 1282
	~~Buffer_Improper_Index_Access~~	/modules/gapi/src/backends/common/gcompoundkernel.cpp: 34
	~~Buffer_Improper_Index_Access~~	/modules/gapi/src/backends/common/gcompoundkernel.cpp: 33
	~~Buffer_Improper_Index_Access~~	/modules/gapi/src/backends/common/gcompoundkernel.cpp: 26
	~~Buffer_Improper_Index_Access~~	/modules/flann/include/opencv2/flann/hierarchical_clustering_index.h: 641
	~~Buffer_Improper_Index_Access~~	/modules/core/src/matrix_sparse.cpp: 671
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 737
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 736
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 721
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 719
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 436
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 399
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 398
	~~Buffer_Improper_Index_Access~~	/modules/core/src/lda.cpp: 372
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/stereobm.cpp: 839
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/stereobm.cpp: 838
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/stereobm.cpp: 764
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/stereobm.cpp: 763
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/epnp.cpp: 70
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 560
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 559
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 550
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 549
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 544
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 542
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 540
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 539
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 524
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 523
	~~Buffer_Improper_Index_Access~~	/modules/calib3d/src/dls.h: 272

More results are available on the CxOne platform

fix: doc/js_tutorials/js_assets/webnn-electron/package.json to reduce…

a0cf086

… vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ELECTRON-9486047

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade electron from 15.5.7 to 33.4.6 #29

[Snyk] Security upgrade electron from 15.5.7 to 33.4.6 #29

Uh oh!

TheRedHatter commented Mar 20, 2025

Uh oh!

TheRedHatter commented Mar 20, 2025

Uh oh!

Uh oh!

[Snyk] Security upgrade electron from 15.5.7 to 33.4.6 #29

Are you sure you want to change the base?

[Snyk] Security upgrade electron from 15.5.7 to 33.4.6 #29

Uh oh!

Conversation

TheRedHatter commented Mar 20, 2025

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

TheRedHatter commented Mar 20, 2025

Uh oh!

Uh oh!