Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by electron-userland

    CVE-2026-54673 (GCVE-0-2026-54673)

    Vulnerability from nvd – Published: 2026-06-30 22:11 – Updated: 2026-07-01 13:26
    VLAI
    Title
    electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`
    Summary
    electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers — most notably PRIVATE-TOKEN (used by GitLab's personal access token flow) and mixed-case Authorization (used by GitLab's Bearer/OAuth flow) — were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54673",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:26:40.473989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:26:49.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            },
            {
              "product": "builder-util-runtime",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 9.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase \"authorization\", exposing credentials. Other credential-bearing headers \u2014 most notably PRIVATE-TOKEN (used by GitLab\u0027s personal access token flow) and mixed-case Authorization (used by GitLab\u0027s Bearer/OAuth flow) \u2014 were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:12:18.294Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/22a7532bd01b9fb42cff7c58d599c7ad683569fe",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/22a7532bd01b9fb42cff7c58d599c7ad683569fe"
            }
          ],
          "source": {
            "advisory": "GHSA-p2f4-r6v6-j797",
            "discovery": "UNKNOWN"
          },
          "title": "electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54673",
        "datePublished": "2026-06-30T22:11:37.587Z",
        "dateReserved": "2026-06-15T22:53:58.560Z",
        "dateUpdated": "2026-07-01T13:26:49.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54672 (GCVE-0-2026-54672)

    Vulnerability from nvd – Published: 2026-06-30 22:15 – Updated: 2026-07-01 13:47
    VLAI
    Title
    electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`
    Summary
    electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linker search path, which may allow an attacker to execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched. This issue has been fixed in version 26.15.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:47:32.923006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:47:40.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            },
            {
              "product": "app-builder-lib",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linker search path, which may allow an attacker to execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched. This issue has been fixed in version 26.15.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:15:03.264Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-7g7r-gx96-252g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-7g7r-gx96-252g"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/01b8ba979",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/01b8ba979"
            }
          ],
          "source": {
            "advisory": "GHSA-7g7r-gx96-252g",
            "discovery": "UNKNOWN"
          },
          "title": "electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54672",
        "datePublished": "2026-06-30T22:15:03.264Z",
        "dateReserved": "2026-06-15T22:53:58.560Z",
        "dateUpdated": "2026-07-01T13:47:40.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39698 (GCVE-0-2024-39698)

    Vulnerability from nvd – Published: 2024-07-09 17:50 – Updated: 2024-08-02 04:26
    VLAI
    Title
    Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
    Summary
    electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-154 - Improper Neutralization of Variable Name Delimiters
    Assigner
    Impacted products
    Vendor Product Version
    electron-userland electron-builder Affected: < 6.3.0-alpha.6
    Create a notification for this product.
    electron electron Affected: 0 , < 6.3.0-alpha.6 (custom)
        cpe:2.3:a:electron:electron:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:electron:electron:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "electron",
                "vendor": "electron",
                "versions": [
                  {
                    "lessThan": "6.3.0-alpha.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39698",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T14:40:10.938790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T14:41:06.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/pull/8295",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/pull/8295"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.3.0-alpha.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-154",
                  "description": "CWE-154: Improper Neutralization of Variable Name Delimiters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T17:50:28.169Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/pull/8295",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/pull/8295"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41"
            }
          ],
          "source": {
            "advisory": "GHSA-9jxc-qjr9-vjxq",
            "discovery": "UNKNOWN"
          },
          "title": "Code Signing Bypass on Windows in electron-updater \u003c 6.3.0-alpha.6"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39698",
        "datePublished": "2024-07-09T17:50:28.169Z",
        "dateReserved": "2024-06-27T18:44:13.037Z",
        "dateUpdated": "2024-08-02T04:26:15.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27303 (GCVE-0-2024-27303)

    Vulnerability from nvd – Published: 2024-03-06 18:35 – Updated: 2024-08-13 17:12
    VLAI
    Title
    electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
    Summary
    electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    electron-userland electron-builder Affected: < 24.13.2
    Create a notification for this product.
    electron electron-builder Affected: 0 , < 24.13.2 (custom)
        cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/pull/8059",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/pull/8059"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "electron-builder",
                "vendor": "electron",
                "versions": [
                  {
                    "lessThan": "24.13.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27303",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:09:00.747801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T17:12:24.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.13.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there\u0027s no way to check if it exists in a current installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T18:35:37.973Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/pull/8059",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/pull/8059"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
            }
          ],
          "source": {
            "advisory": "GHSA-r4pf-3v7r-hh55",
            "discovery": "UNKNOWN"
          },
          "title": "electron-builder\u0027s NSIS installer - execute arbitrary code on the target machine (Windows only)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-27303",
        "datePublished": "2024-03-06T18:35:37.973Z",
        "dateReserved": "2024-02-22T18:08:38.875Z",
        "dateUpdated": "2024-08-13T17:12:24.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-54672 (GCVE-0-2026-54672)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:15 – Updated: 2026-07-01 13:47
    VLAI
    Title
    electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`
    Summary
    electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linker search path, which may allow an attacker to execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched. This issue has been fixed in version 26.15.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:47:32.923006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:47:40.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            },
            {
              "product": "app-builder-lib",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LD_LIBRARY_PATH environment variable at runtime. This causes the current working directory to be added to the dynamic linker search path, which may allow an attacker to execute arbitrary code by placing a malicious shared library in the directory from which the AppImage is launched. This issue has been fixed in version 26.15.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:15:03.264Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-7g7r-gx96-252g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-7g7r-gx96-252g"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/01b8ba979",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/01b8ba979"
            }
          ],
          "source": {
            "advisory": "GHSA-7g7r-gx96-252g",
            "discovery": "UNKNOWN"
          },
          "title": "electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54672",
        "datePublished": "2026-06-30T22:15:03.264Z",
        "dateReserved": "2026-06-15T22:53:58.560Z",
        "dateUpdated": "2026-07-01T13:47:40.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54673 (GCVE-0-2026-54673)

    Vulnerability from cvelistv5 – Published: 2026-06-30 22:11 – Updated: 2026-07-01 13:26
    VLAI
    Title
    electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`
    Summary
    electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers — most notably PRIVATE-TOKEN (used by GitLab's personal access token flow) and mixed-case Authorization (used by GitLab's Bearer/OAuth flow) — were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54673",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T13:26:40.473989Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T13:26:49.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 26.15.0"
                }
              ]
            },
            {
              "product": "builder-util-runtime",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 9.7.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase \"authorization\", exposing credentials. Other credential-bearing headers \u2014 most notably PRIVATE-TOKEN (used by GitLab\u0027s personal access token flow) and mixed-case Authorization (used by GitLab\u0027s Bearer/OAuth flow) \u2014 were not stripped and could be forwarded to an attacker-controlled cross-origin redirect destination. This issue has been fixed in version 9.7.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T22:12:18.294Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-p2f4-r6v6-j797"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/22a7532bd01b9fb42cff7c58d599c7ad683569fe",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/22a7532bd01b9fb42cff7c58d599c7ad683569fe"
            }
          ],
          "source": {
            "advisory": "GHSA-p2f4-r6v6-j797",
            "discovery": "UNKNOWN"
          },
          "title": "electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-54673",
        "datePublished": "2026-06-30T22:11:37.587Z",
        "dateReserved": "2026-06-15T22:53:58.560Z",
        "dateUpdated": "2026-07-01T13:26:49.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39698 (GCVE-0-2024-39698)

    Vulnerability from cvelistv5 – Published: 2024-07-09 17:50 – Updated: 2024-08-02 04:26
    VLAI
    Title
    Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
    Summary
    electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-154 - Improper Neutralization of Variable Name Delimiters
    Assigner
    Impacted products
    Vendor Product Version
    electron-userland electron-builder Affected: < 6.3.0-alpha.6
    Create a notification for this product.
    electron electron Affected: 0 , < 6.3.0-alpha.6 (custom)
        cpe:2.3:a:electron:electron:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:electron:electron:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "electron",
                "vendor": "electron",
                "versions": [
                  {
                    "lessThan": "6.3.0-alpha.6",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39698",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T14:40:10.938790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T14:41:06.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/pull/8295",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/pull/8295"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.3.0-alpha.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-154",
                  "description": "CWE-154: Improper Neutralization of Variable Name Delimiters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T17:50:28.169Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/pull/8295",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/pull/8295"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41"
            }
          ],
          "source": {
            "advisory": "GHSA-9jxc-qjr9-vjxq",
            "discovery": "UNKNOWN"
          },
          "title": "Code Signing Bypass on Windows in electron-updater \u003c 6.3.0-alpha.6"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-39698",
        "datePublished": "2024-07-09T17:50:28.169Z",
        "dateReserved": "2024-06-27T18:44:13.037Z",
        "dateUpdated": "2024-08-02T04:26:15.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-27303 (GCVE-0-2024-27303)

    Vulnerability from cvelistv5 – Published: 2024-03-06 18:35 – Updated: 2024-08-13 17:12
    VLAI
    Title
    electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
    Summary
    electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-426 - Untrusted Search Path
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    electron-userland electron-builder Affected: < 24.13.2
    Create a notification for this product.
    electron electron-builder Affected: 0 , < 24.13.2 (custom)
        cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:27:59.901Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/pull/8059",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/pull/8059"
              },
              {
                "name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "electron-builder",
                "vendor": "electron",
                "versions": [
                  {
                    "lessThan": "24.13.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27303",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-07T20:09:00.747801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-13T17:12:24.776Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "electron-builder",
              "vendor": "electron-userland",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 24.13.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there\u0027s no way to check if it exists in a current installer."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426: Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-06T18:35:37.973Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/pull/8059",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/pull/8059"
            },
            {
              "name": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387"
            }
          ],
          "source": {
            "advisory": "GHSA-r4pf-3v7r-hh55",
            "discovery": "UNKNOWN"
          },
          "title": "electron-builder\u0027s NSIS installer - execute arbitrary code on the target machine (Windows only)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-27303",
        "datePublished": "2024-03-06T18:35:37.973Z",
        "dateReserved": "2024-02-22T18:08:38.875Z",
        "dateUpdated": "2024-08-13T17:12:24.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }