16 matches found
CVE-2026-54673
The CVE affects electron-updater (builder-util-runtime component) prior to version 9.7.0. The root cause is that HttpExecutor.prepareRedirectUrlOptions only stripped a credential header named exactly the lowercase string “authorization.” Other credential-bearing headers, notably PRIVATE-TOKEN and...
PT-2026-54018
Name of the Vulnerable Software and Affected Versions electron-updater versions prior to 26.15.0 Description AppImage targets built by app-builder-lib can use an empty path component when setting the LD LIBRARY PATH environment variable at runtime. This behavior causes the current working directo...
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
EUVD-2024-2310
Malicious code in bioql PyPI...
Improper Verification Of Cryptographic Signature
electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698
The CVE-2024-39698 entry concerns a Windows code-signing bypass in electron-updater. A flaw in the verification routine in packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts arises because the surrounding shell (cmd.exe) expands environment variables in the command line, enab...
electron-updater Code Signing Bypass on Windows
Observations The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. It executes the following command in a new shell process.env.ComSpec on Windows, usually C:\Windows\System32\cmd.exe:...
PT-2024-28636 · Unknown · Electron-Updater
Name of the Vulnerable Software and Affected Versions: electron-updater versions prior to 6.3.0-alpha.6 Description: The issue concerns the signature validation routine for Electron applications on Windows, implemented in the file...
@philipplgh/electron-app-manager (>=0.12.0 <=0.56.0), electron-app-manager (>=0.56.0 <=0.57.1) +4 more potentially affected by unknown CVE via electron-updater (>=4.0.0 <=4.1.2)
electron-updater NPM version =4.0.0, =0.12.0, =0.56.0, =0.0.2, =4.0.3, =1.0.0, =1.3.1 Source cves: unknown CVE Source advisory: SNYK:JS-ELECTRONUPDATER-567704...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...
@philipplgh/electron-app-manager (>=0.12.0 <=0.56.0), electron-app-manager (>=0.56.0 <=0.57.1) +4 more potentially affected by unknown CVE via electron-updater (>=4.0.0 <=4.1.2)
electron-updater NPM version =4.0.0, =0.12.0, =0.56.0, =0.0.2, =4.0.3, =1.0.0, =1.3.1 Source cves: unknown CVE Source advisory: SNYK:JS-ELECTRONUPDATER-561421...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...