2 matches found
CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...
CVE-2026-34779
CVE-2026-34779 affects Electron on macOS prior to patches 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. The vulnerability arises in the AppleScript fallback path used by app.moveToApplicationsFolder(), which failed to properly handle certain characters in the application bundle path. Under specific ...