A vulnerability has been found in electron-userland electron-builder up to 6.3.0-alpha.5 and classified as critical. This vulnerability affects the function
verifySignature
of the file packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts. The manipulation leads to improper neutralization of variable name delimiters.
This vulnerability was named CVE-2024-39698. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.