14 matches found
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
EUVD-2024-2310
Malicious code in bioql PyPI...
Improper Verification Of Cryptographic Signature
electron-updater is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is caused due to improper handling and comparison of file paths, allowing an attacker to bypass signature verification by exploiting environment variable expansion and tricking the application in...
CVE-2024-39698
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698
The CVE-2024-39698 entry concerns a Windows code-signing bypass in electron-updater. A flaw in the verification routine in packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts arises because the surrounding shell (cmd.exe) expands environment variables in the command line, enab...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
CVE-2024-39698 Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6
electron-updater allows for automatic updates for Electron apps. The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by cmd.exe expands any...
electron-updater Code Signing Bypass on Windows
Observations The file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts implements the signature validation routine for Electron applications on Windows. It executes the following command in a new shell process.env.ComSpec on Windows, usually C:\Windows\System32\cmd.exe:...
PT-2024-28636 · Unknown · Electron-Updater
Name of the Vulnerable Software and Affected Versions: electron-updater versions prior to 6.3.0-alpha.6 Description: The issue concerns the signature validation routine for Electron applications on Windows, implemented in the file...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...
@philipplgh/electron-app-manager (>=0.12.0 <=0.56.0), electron-app-manager (>=0.56.0 <=0.57.1) +4 more potentially affected by unknown CVE via electron-updater (>=4.0.0 <=4.1.2)
electron-updater NPM version =4.0.0, =0.12.0, =0.56.0, =0.0.2, =4.0.3, =1.0.0, =1.3.1 Source cves: unknown CVE Source advisory: SNYK:JS-ELECTRONUPDATER-567704...
Signature Validation Bypass
Overview electron-updater is a module allowing applications to implement auto-update functionality. Affected versions of this package are vulnerable to Signature Validation Bypass. The signature verification check is based on a string comparison between the installed binary’s publisherName and th...
@philipplgh/electron-app-manager (>=0.12.0 <=0.56.0), electron-app-manager (>=0.56.0 <=0.57.1) +4 more potentially affected by unknown CVE via electron-updater (>=4.0.0 <=4.1.2)
electron-updater NPM version =4.0.0, =0.12.0, =0.56.0, =0.0.2, =4.0.3, =1.0.0, =1.3.1 Source cves: unknown CVE Source advisory: SNYK:JS-ELECTRONUPDATER-561421...