CVEbaza.plCWE DictionaryCWE-154
Common Weakness Enumeration

CWE-154

Improper Neutralization of Variable Name Delimiters

Category: VariantCVE: 1
Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable name delimiters when they are sent to a downstream component.

Extended Description

As data is parsed, an injected delimiter may cause the process to take unexpected actions that result in an attack. Example: "$" for an environment variable.

CVE vulnerabilities with CWE-154 (1)
7.5
CVSS
HIGH
CVE-2024-39698

electron-updater allows for automatic updates for Electron apps. The file `packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts` implements the signature validation routine for Electron applications on Windows. Because of the surrounding shell, a first pass by `cmd.exe` expands any environment variable found in command-line above. This creates a situation where `verifySignature()` can be tricked into validating the certificate of a different file than the one that was just downloaded. If the step is successful, the malicious update will be executed even if its signature is invalid. This attack assumes a compromised update manifest (server compromise, Man-in-the-Middle attack if fetched over HTTP, Cross-Site Scripting to point the application to a malicious updater server, etc.). The patch is available starting from 6.3.0-alpha.6.

pub. 2024-07-09
Information
ID: CWE-154
Type: Variant
Vulnerabilities: 1
MITRE CWE ↗
← CWE Dictionary