CVE-2024-29900

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 29, 2024

Updated: Apr 1, 2024

CWE ID 402

Summary

CVE-2024-29900 is a vulnerability affecting Electron Packager, a tool used to bundle Electron-based applications for distribution. The issue allows for the leakage of up to 10kb of Node.js heap memory adjacent to a known buffer into the final executable. This memory may contain sensitive information such as environment variables or secret files. The vulnerability has been addressed in the 18.3.1 release.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vFlDG9
https://www.cve.org/CVERecord?id=CVE-2024-29900
https://nvd.nist.gov/vuln/detail/CVE-2024-29900

Back to Vulnerability Database

CVE-2024-29900

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations