exploitDog
CVE-2024-39698

Published: 09 Jul 2024
Source: nvd
CVSS3: 7.5
EPSS: Low

Description

electron-updater provides automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because the verifier is invoked through a shell, cmd.exe makes a first pass over the command line and expands any environment-variable reference (%VAR%) it finds there. This creates a situation where verifySignature() can be tricked into validating the certificate of a different file than the one that was just downloaded. If that step succeeds, the malicious update is executed even though its own signature is invalid. The attack assumes a compromised update manifest (server compromise, a man-in-the-middle attack if the manifest is fetched over HTTP, cross-site scripting that points the application at a malicious update server, etc.). The patch is available starting from 6.3.0-alpha.6.
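The following is an added illustration of the cmd.exe expansion step described above; it is not electron-updater's code and not the upstream patch. The helper names, the constructed pending-directory path, the file name and the environment table are all assumptions made for this example. It models how a path that is interpolated into one command line and handed to cmd.exe is rewritten before PowerShell ever sees `-LiteralPath`, so that the path PowerShell checks is not the path that was downloaded. It also shows the check a practitioner would add in front of such a call (reject cmd.exe metacharacters and avoid the shell pass entirely). The constructed file name only demonstrates the rewrite; which file an attacker can steer the verifier to in a real environment is not claimed here.

```javascript
// Added illustration of the cmd.exe expansion behind CVE-2024-39698.
// Not electron-updater's code: helper names, the constructed update path
// and the environment table are assumptions made for this example.

// Simplified model of cmd.exe command-line %VAR% expansion: names are
// case-insensitive, the %VAR:~start,len% substring form is supported, and an
// undefined name is left untouched (cmd.exe's behaviour for a "/c" command
// line; batch files differ). Other cmd.exe syntax is deliberately not modelled.
function expandCmdVariables(commandLine, env) {
  const table = {};
  for (const [name, value] of Object.entries(env)) table[name.toUpperCase()] = value;
  return commandLine.replace(
    /%([^%:]+)(?::~(-?\d+)(?:,(-?\d+))?)?%/g,
    (whole, name, start, len) => {
      const value = table[name.toUpperCase()];
      if (value === undefined) return whole;          // undefined: left literal
      if (start === undefined) return value;          // plain %VAR%
      let from = Number(start);
      if (from < 0) from = Math.max(0, value.length + from);
      if (len === undefined) return value.slice(from);
      const count = Number(len);
      return count < 0 ? value.slice(from, value.length + count) : value.slice(from, from + count);
    }
  );
}

// The vulnerable shape: the downloaded file's path is interpolated into a
// single command line that Node passes to cmd.exe (execFile with shell: true),
// so cmd.exe rewrites it before PowerShell receives -LiteralPath.
function buildVerifierCommandLine(tempUpdateFile) {
  return (
    'powershell.exe -NoProfile -NonInteractive -InputFormat None -Command ' +
    `"Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress"`
  );
}

// The path PowerShell actually checks once cmd.exe has had its pass.
function pathActuallyVerified(tempUpdateFile, env) {
  const expanded = expandCmdVariables(buildVerifierCommandLine(tempUpdateFile), env);
  const match = /-LiteralPath '([^']*)'/.exec(expanded);
  return match ? match[1] : null;
}

// Hardening used by this example (not a description of the upstream fix):
// refuse to verify any path cmd.exe could rewrite or split, and build argv
// for a shell-less execFile so there is no cmd.exe pass at all.
const CMD_METACHARS = /[%&|<>^"']/;
function isSafeUpdatePath(p) {
  return !CMD_METACHARS.test(p);
}
function buildVerifierArgv(tempUpdateFile) {
  if (!isSafeUpdatePath(tempUpdateFile)) {
    throw new Error('refusing to verify a path containing cmd.exe metacharacters');
  }
  // Intended for execFile('powershell.exe', argv, { shell: false }).
  return ['-NoProfile', '-NonInteractive', '-InputFormat', 'None', '-Command',
    `Get-AuthenticodeSignature -LiteralPath '${tempUpdateFile}' | ConvertTo-Json -Compress`];
}

// Constructed scenario (not a real environment, manifest or on-disk layout).
const sampleEnv = { SystemRoot: 'C:\\Windows', ProgramFiles: 'C:\\Program Files' };
const pendingDir = 'C:\\Users\\alice\\AppData\\Local\\app-updater\\pending\\';
// A file name as a manifest under attacker control could supply it. The file
// written to disk really is called this, percent signs included; cmd.exe turns
// %SystemRoot:~0,0% into an empty string, so the verifier looks at Setup.exe.
const downloaded = pendingDir + 'Setup%SystemRoot:~0,0%.exe';

function demo() {
  const checked = pathActuallyVerified(downloaded, sampleEnv);
  return {
    downloaded,
    checked,
    sameFile: checked === downloaded,
    guardAccepts: isSafeUpdatePath(downloaded),
  };
}

console.log(demo());
```

Running `demo()` shows `checked` ending in `Setup.exe` while `downloaded` ends in `Setup%SystemRoot:~0,0%.exe`, i.e. the signature decision is made about a file other than the one that will be executed; the guard rejects the name outright. The durable fix is the shell-less invocation: with an argv array and no shell, the `%` reaches PowerShell's `-LiteralPath` unchanged and refers to the file that was actually downloaded.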

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*
Versions before 6.3.0 (exclusive)
cpe:2.3:a:electron:electron-builder:6.3.0:alpha0:*:*:*:node.js:*:*
cpe:2.3:a:electron:electron-builder:6.3.0:alpha1:*:*:*:node.js:*:*
cpe:2.3:a:electron:electron-builder:6.3.0:alpha2:*:*:*:node.js:*:*
cpe:2.3:a:electron:electron-builder:6.3.0:alpha3:*:*:*:node.js:*:*
cpe:2.3:a:electron:electron-builder:6.3.0:alpha4:*:*:*:node.js:*:*
cpe:2.3:a:electron:electron-builder:6.3.0:alpha5:*:*:*:node.js:*:*

EPSS

Percentile: 62%
Score: 0.00431
Low

7.5 High

CVSS3

Weaknesses

CWE-154
CWE-295

Related vulnerabilities

CVSS3: 7.5
github
more than 1 year ago

electron-updater Code Signing Bypass on Windows
