VulnerAlert



APPS
30-06-2025 23:27

CVE-2024-46992 Documented vulnerability

7.8 HIGH
Description
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows; apps using these fuses on macOS are not impacted. Specifically, this issue can only be exploited if the app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the .app bundle on macOS, which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue.
https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
https://www.electronjs.org/docs/latest/tutorial/fuses

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-46992
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023