HIGH🇬🇧 English

CVE-2024-29900

CVSS 7.5v3.1pub. 2024-03-29upd. 2025-05-07

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Openjsf Packager

    APP
    Openjsf
    18.3.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-25244CRITICAL9.8PL ✓ten sam vendor

WebdriverIO: command injection w orkiestracji testów prowadzący do RCE

CVE-2026-13676HIGH7.5ten sam vendor

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family U...

CVE-2026-10796HIGH7.5ten sam vendor

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the con...

CVE-2026-6322HIGH7.5ten sam vendor

fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitte...

CVE-2026-6321HIGH7.5ten sam vendor

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its n...