Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
@electron/packager's build process memory potentially leaked into final executable
Vulnerability Description
Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
将私有的资源传输到一个新的空间(资源泄露)
Vulnerability Title
Electron Packager 安全漏洞
Vulnerability Description
Electron是个人开发者的一个用户编写跨平台桌面应用的 JavaScript 框架。该框架基于 nodejs 和 Chromium 可以使用HTML,CSS实现跨平台桌面应用的编写。 Electron Packager 18.3.1之前版本存在安全漏洞,该漏洞源于分配在已知缓冲区两侧的约 1-10kb 的 Node.js 堆内存随机段会将泄漏到最终的可执行文件中,该内存可能包含敏感信息,例如环境变量、机密文件等。
CVSS Information
N/A
Vulnerability Type
N/A