CVE-2024-29900
CVSS v3.1
7.5 (High)
EPSS
0.04 % (10th)
Advisories
1
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.
Weaknesses
- CWE-402
- Transmission of Private Resources into a New Sphere ('Resource Leak')
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2024-03-29 16:15:08
(5 months ago) - Updated Date
-
2024-04-01 01:12:59
(5 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...