Описание
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openjsf:packager:18.3.0:*:*:*:*:node.js:*:*
EPSS
Процентиль: 52%
0.00293
Низкий
7.5 High
CVSS3
Дефекты
CWE-402
NVD-CWE-Other
Связанные уязвимости
CVSS3: 7.5
github
почти 2 года назад
@electron/packager's build process memory potentially leaked into final executable
EPSS
Процентиль: 52%
0.00293
Низкий
7.5 High
CVSS3
Дефекты
CWE-402
NVD-CWE-Other