Home > Vulnerability Database > CVE-2024-29900

Mend.io Vulnerability Database

CVE-2024-29900

Good to know:

Date: March 29, 2024

Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.

Language: TYPE_SCRIPT

Severity Score

7.5

Related Resources (5)

Url: https://github.com/electron/packager/security/advisories/GHSA-34h3-8mw4-qw57

Url: https://github.com/electron/packager/commit/d421d4bd3ced889a4143c5c3ab6d95e3be249eee

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29900

Url: https://github.com/electron/packager

Url: https://www.mend.io/vulnerability-database/CVE-2024-29900

Severity Score

7.5

Weakness Type (CWE)

Transmission of Private Resources into a New Sphere ('Resource Leak')

CWE-402

Top Fix

Upgrade Version

Upgrade to version @electron/packager - 18.3.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29900

Good to know:

Date: March 29, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?