CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39698 – Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
https://notcve.org/view.php?id=CVE-2024-39698
09 Jul 2024 — electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If ... • https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 • CWE-154: Improper Neutralization of Variable Name Delimiters •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27303 – electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
https://notcve.org/view.php?id=CVE-2024-27303
06 Mar 2024 — electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the sa... • https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •