CVE-2022-46330

Name of the Vulnerable Software and Affected Versions Squirrel.Windows versions 2.0.1 and earlier

Description The issue is related to the DLL search path in installers generated by Squirrel.Windows, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer. Squirrel.Windows is a toolset and library that provides installation and update functionality for Windows desktop applications.

Recommendations For Squirrel.Windows versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.