CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39698 – Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
https://notcve.org/view.php?id=CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. • https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f https://github.com/electron-userland/electron-builder/pull/8295 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq • CWE-154: Improper Neutralization of Variable Name Delimiters •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29900 – @electron/packager's build process memory potentially leaked into final executable
https://notcve.org/view.php?id=CVE-2024-29900
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1. Electron Packager incluye el código fuente de la aplicación basada en Electron con un ejecutable de Electron renombrado y archivos de soporte en carpetas listas para su distribución. • https://github.com/electron/packager/commit/d421d4bd3ced889a4143c5c3ab6d95e3be249eee https://github.com/electron/packager/security/advisories/GHSA-34h3-8mw4-qw57 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27303 – electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
https://notcve.org/view.php?id=CVE-2024-27303
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. • https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387 https://github.com/electron-userland/electron-builder/pull/8059 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1648 – electron-pdf 20.0.0 - Local File Read via Server Side XSS
https://notcve.org/view.php?id=CVE-2024-1648
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. electron-pdf versión 20.0.0 permite a un atacante externo obtener de forma remota archivos locales arbitrarios. Esto es posible porque la aplicación no valida el contenido HTML ingresado por el usuario. • https://fluidattacks.com/advisories/drake https://www.npmjs.com/package/electron-pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1005 – JP1016 Markdown-Electron code injection
https://notcve.org/view.php?id=CVE-2023-1005
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/JP1016/Markdown-Electron/issues/3 https://vuldb.com/?ctiid.221738 https://vuldb.com/?id.221738 • CWE-94: Improper Control of Generation of Code ('Code Injection') •