CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score confidence: High
EPSS percentile: 15.5%
Windows-only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory, where the installer is located, before searching PATH. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file instead of the system cmd.exe.
Patches: Fixed in https://github.com/electron-userland/electron-builder/pull/8059
Workarounds: None. The vulnerable call executes at the installer level, before the app is present on the system, so there is no way to check for it from within a current installer.
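As an added illustration (not the electron-builder project's own installer script, and not necessarily the exact change made in the linked pull request), the snippet below contrasts the pattern described above with a hardened form inside a hypothetical custom installer.nsh. The point is the untrusted search path (CWE-426/427): an unqualified "cmd.exe" is resolved through the process search order, which includes the installer's own directory, whereas an absolute path under $SYSDIR leaves nothing for a planted binary to hijack.

```nsis
; Added example, not part of the advisory or the electron-builder code base.
; Assumes a custom installer.nsh with a section that needs to run a shell command.

!include "LogicLib.nsh"

Section "RunHelperCommand"
  ; Risky pattern: the bare name "cmd.exe" is resolved by the Windows process
  ; search order, which looks in the installer's directory before PATH.
  ; A cmd.exe dropped next to the installer would be executed instead.
  ; nsExec::ExecToStack 'cmd.exe /c echo hello'

  ; Hardened form: an absolute path to the system shell removes the lookup.
  ; $SYSDIR is the NSIS built-in for the Windows system directory.
  nsExec::ExecToStack '"$SYSDIR\cmd.exe" /c echo hello'
  Pop $0   ; return code of the command
  Pop $1   ; captured output, if any
  ${If} $0 != 0
    DetailPrint "helper command failed with exit code $0"
  ${EndIf}
SectionEnd
```

The same fully qualified path should be used for any other binary an installer script launches by name; relying on PATH or the working directory at install time is exactly the condition the advisory describes.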
References:
https://cwe.mitre.org/data/definitions/426.html
https://cwe.mitre.org/data/definitions/427.html
https://github.com/electron-userland/electron-builder
https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387
https://github.com/electron-userland/electron-builder/pull/8059
https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55
https://nvd.nist.gov/vuln/detail/CVE-2024-27303