Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the directory the installer is located in before searching PATH. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file.
Fixed in https://github.com/electron-userland/electron-builder/pull/8059
None, it executes at the installer level before the app is present on the system, so there is no way to check whether it exists from a current installer.
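The search-order problem described above can be caught before an installer ships by scanning the NSIS script for exec-style commands whose program name is not anchored to an NSIS path variable or an absolute path. The following Python linter is an added example, not code from electron-builder, the advisory or the referenced fix; the command list, the `lint_nsis` function and the sample script lines are constructed for illustration, and treating `$EXEDIR` (the installer's own directory) as unsafe is this example's own rule, since a program resolved there is subject to the same planting risk as a bare name.

```python
import re
from typing import List, Tuple

# NSIS commands that launch an external program (core Exec/ExecWait and the nsExec plugin).
# Longer names first so the regex alternation does not stop at a prefix.
EXEC_COMMANDS = ("nsExec::ExecToLog", "nsExec::ExecToStack", "nsExec::Exec", "ExecWait", "Exec")
_CMD_RE = re.compile(
    r"^\s*(" + "|".join(re.escape(c) for c in EXEC_COMMANDS) + r")\s+(.*)$"
)


def _strip_outer_quotes(s: str) -> str:
    """NSIS string arguments may be wrapped in ', \" or ` quotes."""
    s = s.strip()
    if len(s) >= 2 and s[0] == s[-1] and s[0] in "'\"`":
        return s[1:-1]
    return s


def executable_of(arg: str) -> str:
    """Return the program name from the argument of an exec-style NSIS command."""
    text = arg.strip()
    # nsExec accepts option switches (e.g. /OEM, /TIMEOUT=ms) ahead of the command line; skip them.
    while text.startswith("/"):
        _, _, text = text.partition(" ")
        text = text.lstrip()
    cmdline = _strip_outer_quotes(text)
    if cmdline.startswith('"'):
        # Quoted program path, e.g. "$SYSDIR\cmd.exe" /c ...
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(None, 1)[0] if cmdline else ""


def is_qualified(exe: str) -> bool:
    """True when the program is anchored to a trusted location rather than resolved by search."""
    if exe.startswith("$EXEDIR"):
        return False  # explicitly the installer's directory: same planting risk as a bare name
    if exe.startswith("$"):
        return True  # NSIS variable such as $SYSDIR, $WINDIR, $INSTDIR, $PLUGINSDIR
    if re.match(r"^[A-Za-z]:[\\/]", exe) or exe.startswith("\\\\"):
        return True  # absolute drive path or UNC path
    # Bare names ("cmd.exe") and relative paths (".\helper.exe") are resolved by search order.
    return False


def lint_nsis(script: str) -> List[Tuple[int, str, str]]:
    """Return (line number, command, program) for every exec call with an unqualified program."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        m = _CMD_RE.match(line)  # comment lines (; or #) never match
        if not m:
            continue
        command, arg = m.group(1), m.group(2)
        exe = executable_of(arg)
        if exe and not is_qualified(exe):
            findings.append((lineno, command, exe))
    return findings


# Constructed sample installer script (not the project's real .nsh) mixing safe and unsafe calls.
SAMPLE_NSH = r"""!include "MUI2.nsh"
Section "Install"
  ; bare name: resolved from the installer's directory before PATH
  nsExec::Exec 'cmd.exe /c "echo hello"'
  nsExec::ExecToLog '"$SYSDIR\cmd.exe" /c "echo hello"'
  nsExec::ExecToStack /TIMEOUT=5000 'cmd.exe /c ver'
  ExecWait '"$INSTDIR\uninstall.exe" /S'
  ExecWait "notepad.exe"
  Exec "$WINDIR\explorer.exe"
SectionEnd
"""

if __name__ == "__main__":
    for lineno, command, exe in lint_nsis(SAMPLE_NSH):
        print(f"line {lineno}: {command} launches unqualified program '{exe}'")
```

Run against the sample script the linter reports lines 4, 6 and 8 (the two bare `cmd.exe` calls and `notepad.exe`) and accepts the calls rooted at `$SYSDIR`, `$INSTDIR` and `$WINDIR`. Pointing the scan at the real `.nsh` files of a build is the check a release pipeline would add.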
https://cwe.mitre.org/data/definitions/426.html
https://cwe.mitre.org/data/definitions/427
| CPE | Name | Operator | Version |
|---|---|---|---|
| | app-builder-lib | lt | 24.13.2 |
github.com/advisories/GHSA-r4pf-3v7r-hh55
github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387
github.com/electron-userland/electron-builder/pull/8059
github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55
nvd.nist.gov/vuln/detail/CVE-2024-27303