Documentation


    Vulnerabilities

    **[19-Jul-2025]** NPM package 'is' CVE-2025-54313

    The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.  More details are available in this article.

     

    While Hackolade uses NPM, this vulnerability does not affect our product. First, none of the infected libraries, or libraries with infected dependencies, are used in Hackolade Studio or its plugins, or in Hackolade Model Hub. Second, if they are used in dev dependencies, we do not use any of the infected versions.
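
The two-part reasoning above (the package is not in shipped dependencies, and any dev-dependency copy is not at an infected version) can be checked mechanically against a lockfile. The following is an added example, not Hackolade's own code; the advisory version string, the sample lockfile and the function names are constructed for illustration.

```javascript
// Constructed placeholder; substitute the versions named in the advisory.
const ADVISORY = { is: ["0.0.0-infected-placeholder"] };

// Constructed sample in package-lock.json "packages" layout (lockfileVersion 2/3).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/left-util": { version: "2.1.0" },
    "node_modules/lint-kit": { version: "4.0.0", dev: true },
    "node_modules/lint-kit/node_modules/is": { version: "0.0.0-clean", dev: true },
  },
};

// Package name is the path segment after the last "node_modules/",
// unless the entry carries an explicit name (aliased installs).
function packageName(lockPath, entry) {
  if (entry.name) return entry.name;
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx < 0 ? lockPath : lockPath.slice(idx + marker.length);
}

// List every installed copy of an advisory package, direct or transitive.
function auditLock(lock, advisory) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // the root project itself
    const name = packageName(lockPath, entry);
    if (!Object.prototype.hasOwnProperty.call(advisory, name)) continue;
    findings.push({
      name,
      version: entry.version,
      path: lockPath,
      scope: entry.dev ? "dev" : "prod", // npm marks dev-only entries with dev: true
      infected: advisory[name].includes(entry.version),
    });
  }
  return findings;
}

// Collapse findings into the statement an advisory response needs to make.
function verdict(findings) {
  const bad = findings.filter((f) => f.infected);
  if (bad.some((f) => f.scope === "prod")) return "infected-in-shipped-deps";
  if (bad.length > 0) return "infected-in-dev-deps-only";
  return findings.length > 0 ? "present-but-not-infected" : "not-present";
}
```

The sample lockfile yields `present-but-not-infected`: a transitive dev-only copy exists, but not at an advisory version.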

     

     

    **[12-Aug-2022]** Chromium CVE-2022-2162

    We are aware of this vulnerability, which is caused by insufficient policy enforcement in the File System API of Google Chrome on Windows prior to 103.0.5060.53 and allows a remote attacker to bypass file system access via a crafted HTML page. Hackolade uses Electron, the open-source software framework developed and maintained by GitHub. Electron combines the Chromium rendering engine and the Node.js runtime.

     

    While Electron comes with Chromium built-in, it is not used as a regular browser: the app does not load random or potentially malicious HTML/JS from the internet, only static predefined content.

     

    Nevertheless, and as a precautionary measure, Hackolade Studio version 6.4.0 has been upgraded to a version of Electron that includes a backported fix to patch this vulnerability. Users of Hackolade Studio are encouraged to upgrade to the latest version of Hackolade Studio, currently v6.4.0 or higher.

     

     

    **[08-Apr-22]** Chromium CVE-2022-1096 vulnerability

    We are aware of this vulnerability, which is caused by type confusion in V8. Hackolade uses Electron, the open-source software framework developed and maintained by GitHub, which is owned by Microsoft. Electron combines the Chromium rendering engine and the Node.js runtime. Chromium uses V8, Google's open source JavaScript engine.

     

    The technical details for this vulnerability are unknown and an exploit is not publicly available. While Electron comes with Chromium built-in, it is not used as a regular browser: the app does not load random or potentially malicious HTML/JS from the internet, only static predefined content.

     

    Nevertheless, and as a precautionary measure, Hackolade Studio’s current version 6 and the previous major version 5 have both been upgraded to a version of Electron that includes a version of Chromium that officially patches this vulnerability. Users of Hackolade Studio are encouraged to upgrade to the latest version of Hackolade Studio, currently v6.0.4 or higher, or v5.4.12 or higher.

     


    **[13-Dec-21]** Log4j CVE-2021-44228 vulnerability

    We are aware of this vulnerability report, but Hackolade does not use Java. The application is written in JavaScript, TypeScript, and ReactJS. This vulnerability does not affect us.