Lucene search

CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6

🗓️ 09 Jul 2024 17:28:50Reported by GitHub_MType

Code signing bypass vulnerability in electron-update

Reporter	Title	Published	Views	Family All 7
OSV	GHSA-9JXC-QJR9-VJXQ electron-updater Code Signing Bypass on Windows	9 Jul 202417:48	–	osv
OSV	CVE-2024-39698	9 Jul 202418:15	–	osv
Vulnrichment	CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6	9 Jul 202417:50	–	vulnrichment
NVD	CVE-2024-39698	9 Jul 202418:15	–	nvd
CVE	CVE-2024-39698	9 Jul 202418:15	–	cve
Veracode	Improper Verification Of Cryptographic Signature	10 Jul 202409:10	–	veracode
Github Security Blog	electron-updater Code Signing Bypass on Windows	9 Jul 202417:48	–	github

[
  {
    "vendor": "electron-userland",
    "product": "electron-builder",
    "versions": [
      {
        "version": "< 6.3.0-alpha.6",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f
github	www.github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq
github	www.github.com/electron-userland/electron-builder/pull/8295
github	www.github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Jul 2024 17:50Current

CVSS37.5

EPSS0.00069

CWE-154