CVE-2024-39698 | electron-userland electron-builder up to 6.3.0-alpha.5 windowsExecutableCodeSignatureVerifier.ts verifySignature variable name delimiters (GHSA-9jxc-qjr9-vjxq)

A vulnerability has been found in electron-userland electron-builder up to 6.3.0-alpha.5 and classified as critical. This vulnerability affects the function verifySignature of the file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts. The manipulation leads to improper neutralization of variable name delimiters.

This vulnerability was named CVE-2024-39698. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-39698 | electron-userland electron-builder up to 6.3.0-alpha.5 windowsExecutableCodeSignatureVerifier.ts verifySignature variable name delimiters (GHSA-9jxc-qjr9-vjxq)

Post correlati

CVE-2024-5837 | Google Chrome prior 126.0.6478.54 V8 type confusion (ID 342415)

CVE-2024-32969 | vantage6 up to 4.5.0rc2 access control

CVE-2024-24336 | Koha Library Management System up to 23.05.05 /members/moremember.pl cross site scripting

CVE-2021-47115 | Linux Kernel up to 5.12.9 nfc llcp_sock_getname null pointer dereference