CVE-2024-29900

Vulnerability Description

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.

Vulnerability Details

Published Date

March 29, 2024

Last Modified

August 02, 2024

Source

MITRE

Vendor

electron

Product

packager

External References

https://github.com/electron/packager/security/advisories/GHSA-34h3-8mw4-qw57
https://github.com/electron/packager/commit/d421d4bd3ced889a4143c5c3ab6d95e3be249eee

CVE-2024-29900

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment