Lucene search

Veracode Vulnerability DatabaseVERACODE:46098

HistoryApr 01, 2024 - 4:00 a.m.

Information Leakage

2024-04-0104:00:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

information leakage

vulnerability

memory allocation

bundling process

sensitive information

environment variables

secret files

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

@electron/packager is vulnerable to Information Leakage. The vulnerability is due to improper memory allocation during the bundling process, which can expose sensitive information such as environment variables or secret files.

References

github.com/electron/packager/commit/d421d4bd3ced889a4143c5c3ab6d95e3be249eee

github.com/electron/packager/security/advisories/GHSA-34h3-8mw4-qw57

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46098