{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T22:04:37.603","vulnerabilities":[{"cve":{"id":"CVE-2024-39698","sourceIdentifier":"security-advisories@github.com","published":"2024-07-09T18:15:10.863","lastModified":"2024-11-21T09:28:14.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6."},{"lang":"es","value":"electron-updater permite actualizaciones automáticas para las aplicaciones de Electron. El archivo `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implementa la rutina de validación de firmas para aplicaciones Electron en Windows. Debido al shell circundante, un primer paso por `cmd.exe` expande cualquier variable de entorno que se encuentre en la línea de comandos anterior. Esto crea una situación en la que se puede engañar a `verifySignature()` para que valide el certificado de un archivo diferente al que se acaba de descargar. Si el paso tiene éxito, la actualización maliciosa se ejecutará incluso si su firma no es válida. Este ataque supone un manifiesto de actualización comprometido (compromiso del servidor, ataque Man-in-the-Middle si se obtiene a través de HTTP, Cross Site Scripting para apuntar la aplicación a un servidor de actualización malicioso, etc.). El parche está disponible a partir de 6.3.0-alpha.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-154"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:*:*:*:*:*:node.js:*:*","versionEndExcluding":"6.3.0","matchCriteriaId":"F77447F6-4E3F-468E-BBBB-AB248C06CF1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha0:*:*:*:node.js:*:*","matchCriteriaId":"801B3F79-555D-4FCB-B854-227E8D3FDD9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha1:*:*:*:node.js:*:*","matchCriteriaId":"3B939D2F-400E-478C-8F45-568D5B7C5756"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha2:*:*:*:node.js:*:*","matchCriteriaId":"4ECAF72F-A2E1-4D12-9797-CA1461931579"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha3:*:*:*:node.js:*:*","matchCriteriaId":"E03022BB-203E-4750-BCD1-493971C95559"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha4:*:*:*:node.js:*:*","matchCriteriaId":"587F242D-22D2-4BE6-BCF0-87C2865546E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:electron:electron-builder:6.3.0:alpha5:*:*:*:node.js:*:*","matchCriteriaId":"116D170A-CD87-484A-864E-5CA0D198C947"}]}]}],"references":[{"url":"https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/electron-userland/electron-builder/pull/8295","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/electron-userland/electron-builder/blob/140e2f0eb0df79c2a46e35024e96d0563355fc89/packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts#L35-L41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://github.com/electron-userland/electron-builder/commit/ac2e6a25aa491c1ef5167a552c19fc2085cd427f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/electron-userland/electron-builder/pull/8295","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/electron-userland/electron-builder/security/advisories/GHSA-9jxc-qjr9-vjxq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}