Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2025/09/05 11:22 p.m.3 views

SUSE CVE-2025-55305

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impac...

6.1CVSS6.8AI score0.00267EPSS
Exploits0References3
NVD
NVD
added 2025/09/04 11:15 p.m.6 views

CVE-2025-55305

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impac...

6.1CVSS0.00267EPSS
Exploits0References9
OSV
OSV
added 2025/09/04 11:5 p.m.5 views

CVE-2025-55305 Electron is vulnerable to Code Injection via resource modification

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impac...

6.1CVSS6.9AI score0.00267EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2025/09/03 9:27 p.m.14 views

Electron has ASAR Integrity Bypass via resource modification

Impact This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the...

6.1CVSS7AI score0.00267EPSS
Exploits0References11Affected Software1
CNNVD
CNNVD
added 2025/07/01 12:0 a.m.5 views

Electron 安全漏洞

Electron is Electron open source a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. A security vulnerability exists in Electron versions prior to...

7.8CVSS6.4AI score0.00105EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/06/30 5:54 p.m.9 views

electron ASAR Integrity bypass by just modifying the content

electron's ASAR Integrity can be bypass by modifying the content. Impact This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macO...

7.8CVSS6.5AI score0.00105EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.10 views

PT-2025-27491 · Electron · Electron

Name of the Vulnerable Software and Affected Versions: Electron versions 30.0.0-alpha.1 through 30.0.5 Electron versions 31.0.0-alpha.1 through 31.0.0-beta.1 Description: The issue is an ASAR Integrity bypass, which only impacts applications that have the embeddedAsarIntegrityValidation and...

7.8CVSS7.2AI score0.00105EPSS
Exploits0References13
Cvelist
Cvelist
added 2023/12/01 9:45 p.m.40 views

CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...

6.1CVSS6.8AI score0.00207EPSS
Exploits0References3
Rows per page
Query Builder