Electron · Electron · CVE-2026-34779
Name of the Vulnerable Software and Affected Versions
Electron versions prior to 38.8.6, prior to 39.8.1, prior to 40.8.0, and prior to 41.0.0-beta.8
Description
On macOS, the `app.moveToApplicationsFolder()` function used an AppleScript fallback path that did not correctly handle certain characters in the application bundle path. This could allow for arbitrary AppleScript execution when a user accepted the move-to-Applications prompt, if the application bundle path was crafted maliciously. Applications are only affected if they call the `app.moveToApplicationsFolder()` function.
Recommendations
Update to Electron version 38.8.6 or later.
Update to Electron version 39.8.1 or later.
Update to Electron version 40.8.0 or later.
Update to Electron version 41.0.0-beta.8 or later.
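The affected-version ranges and the `app.moveToApplicationsFolder()` condition above, written as a check (an added example, not code from the advisory or the Electron project). It assumes each fixed version applies to its own major release line, that majors above 41 already carry the fix, and that a textual match on the function name is a good-enough heuristic; `isVulnerableVersion`, `callsMoveToApplicationsFolder` and `isAffected` are hypothetical names.

```javascript
// Added example. Fixed versions per release line, taken from the advisory text.
const FIXED = { 38: '38.8.6', 39: '39.8.1', 40: '40.8.0', 41: '41.0.0-beta.8' };

// Parse "major.minor.patch[-tag.n]" into comparable parts.
function parse(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(version.trim());
  if (!m) throw new Error(`unrecognized version: ${version}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split('.') : null };
}

// Semver precedence: negative if a < b, 0 if equal, positive if a > b.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a.nums[i] !== b.nums[i]) return a.nums[i] - b.nums[i];
  if (!a.pre && !b.pre) return 0;
  if (!a.pre) return 1;   // a release outranks any prerelease of the same version
  if (!b.pre) return -1;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    const x = a.pre[i], y = b.pre[i];
    if (x === undefined) return -1;  // shorter identifier list sorts first
    if (y === undefined) return 1;
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) - Number(y); }
    else if (xn !== yn) return xn ? -1 : 1;  // numeric ids sort below alphanumeric
    else if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the Electron version predates the fix for its release line.
function isVulnerableVersion(version) {
  const v = parse(version);
  const major = v.nums[0];
  if (major < 38) return true;   // older lines are all "prior to 38.8.6"
  if (major > 41) return false;  // assumption: later majors include the fix
  return compare(v, parse(FIXED[major])) < 0;
}

// The advisory limits impact to apps that call this function (textual heuristic).
function callsMoveToApplicationsFolder(source) {
  return /\bmoveToApplicationsFolder\s*\(/.test(source);
}

function isAffected(version, mainProcessSource) {
  return isVulnerableVersion(version) && callsMoveToApplicationsFolder(mainProcessSource);
}

// Constructed sample input: a version string and a one-line main-process source.
console.log(isAffected('39.8.0', 'app.moveToApplicationsFolder();'));
```

Prerelease tags that sort after `beta` alphabetically compare as newer than `41.0.0-beta.8` under semver precedence, so verify such builds separately.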