[NPM:GHSA-34H3-8MW4-QW57] @electron/packager's build process memory potentially leaked into final executable

Severity High
Affected Packages 1
Fixed Packages 1
CVEs 1

Impact

A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory could contain sensitive information such as environment variables, secrets files, etc.

Patches

This issue is patched in 18.3.1

Workarounds

No workarounds, please update to a patched version of @electron/packager immediately if impacated.

Package Affected Version
pkg:npm/%40electron/packager = 18.3.0
Package Fixed Version
pkg:npm/%40electron/packager = 18.3.1
ID
NPM:GHSA-34H3-8MW4-QW57
Severity
high
URL
https://github.com/advisories/GHSA-34h3-8mw4-qw57
Published
2024-03-29T20:16:22
(3 weeks ago)
Modified
2024-03-29T20:16:23
(3 weeks ago)
Rights
NPM Security Team
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:npm/%40electron/packager @electron packager = 18.3.0
Fixed pkg:npm/%40electron/packager @electron packager = 18.3.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date
Loading...