Vulnerabilities > CVE-2021-28119 - Unspecified vulnerability in Twinkletray Twinkle Tray

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

twinkletray

NVD

Published: 2021-03-09

Updated: 2021-03-18

Summary

Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.

Vulnerable Configurations

Part	Description	Count
Application	Twinkletray Twinkletray Twinkle Tray *	1

References

https://github.com/xanderfrangos/twinkle-tray/issues/142