CVE-2024-27303

EPSS 0.28%
Veröffentlicht 06.03.2024 19:15:08
Zuletzt bearbeitet 03.12.2025 20:50:26
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electron ≫ Electron-builder SwPlatformnode.js Version < 24.13.2

Microsoft ≫ Windows Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387

Patch

https://github.com/electron-userland/electron-builder/pull/8059

Issue Tracking

https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27303

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27303

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27303

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-27303