• caglararli@hotmail.com
  • 05386281520

CVE-2024-39698 | electron-userland electron-builder up to 6.3.0-alpha.5 windowsExecutableCodeSignatureVerifier.ts verifySignature variable name delimiters (GHSA-9jxc-qjr9-vjxq)

Çağlar Arlı      -    24 Views

CVE-2024-39698 | electron-userland electron-builder up to 6.3.0-alpha.5 windowsExecutableCodeSignatureVerifier.ts verifySignature variable name delimiters (GHSA-9jxc-qjr9-vjxq)

A vulnerability has been found in electron-userland electron-builder up to 6.3.0-alpha.5 and classified as critical. This vulnerability affects the function verifySignature of the file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts. The manipulation leads to improper neutralization of variable name delimiters. This vulnerability was named CVE-2024-39698. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.