Vertedinde

Name of the Vulnerable Software and Affected Versions Electron versions prior to 38.8.6, 39.8.3, 40.8.3, and 41.0.3 Description Applications using Electron that register custom protocol handlers via `protocol.handle()` / `protocol.registerSchemesAsPrivileged()` or modify response headers via `webRequest.onHeadersReceived` may be susceptible to HTTP response header injection if attacker-controlled input is reflected into a response header name or value. An attacker influencing a header value could inject additional response headers, potentially affecting cookies, content security policy, or cross-origin access controls. Applications that do not reflect external input into response headers are not affected. Recommendations Versions prior to 38.8.6: Validate or sanitize any untrusted input before including it in a response header name or value. Versions prior to 39.8.3: Validate or sanitize any untrusted input before including it in a response header name or value. Versions prior to 40.8.3: Validate or sanitize any untrusted input before including it in a response header name or value. Versions prior to 41.0.3: Validate or sanitize any untrusted input before including it in a response header name or value.

**Name of the Vulnerable Software and Affected Versions** Electron versions prior to 38.8.6, prior to 39.8.0, prior to 40.7.0, and prior to 41.0.0-beta.8 **Description** Electron applications allowing downloads and programmatic session destruction may experience a use-after-free condition. Specifically, if a session is terminated while a native save-file dialog is open during a download, dismissing the dialog can lead to dereferencing freed memory, potentially causing a crash or memory corruption. Applications that do not destroy sessions or permit downloads are not affected. **Recommendations** Update to Electron version 38.8.6 or later. Update to Electron version 39.8.0 or later. Update to Electron version 40.7.0 or later. Update to Electron version 41.0.0-beta.8 or later. Avoid destroying sessions while a download save dialog may be open. Cancel pending downloads before session teardown.