CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39698 – Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
https://notcve.org/view.php?id=CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. • https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41 https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f https://github.com/electron-userland/electron-builder/pull/8295 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq • CWE-154: Improper Neutralization of Variable Name Delimiters •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27303 – electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
https://notcve.org/view.php?id=CVE-2024-27303
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. • https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387 https://github.com/electron-userland/electron-builder/pull/8059 https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1648 – electron-pdf 20.0.0 - Local File Read via Server Side XSS
https://notcve.org/view.php?id=CVE-2024-1648
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. electron-pdf versión 20.0.0 permite a un atacante externo obtener de forma remota archivos locales arbitrarios. Esto es posible porque la aplicación no valida el contenido HTML ingresado por el usuario. • https://fluidattacks.com/advisories/drake https://www.npmjs.com/package/electron-pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1005 – JP1016 Markdown-Electron code injection
https://notcve.org/view.php?id=CVE-2023-1005
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://github.com/JP1016/Markdown-Electron/issues/3 https://vuldb.com/?ctiid.221738 https://vuldb.com/?id.221738 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25908
https://notcve.org/view.php?id=CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. Todas las versiones del paquete create-choo-electron son vulnerables a la inyección de comandos a través de la función devInstall debido a una sanitización inadecuada de la entrada del usuario. • https://security.snyk.io/vuln/SNYK-JS-CREATECHOOELECTRON-3157953 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •