CVE-2023-39956

Name of the Vulnerable Software and Affected Versions Electron versions prior to 26.0.0-beta.13 Electron versions prior to 25.5.0 Electron versions prior to 24.7.1 Electron versions prior to 23.3.13 Electron versions prior to 22.3.19

Description The issue is related to improper code generation control in the Electron framework, which allows an attacker to execute arbitrary code. This can only be exploited if the app is launched with an attacker-controlled working directory and the attacker has the ability to write files to that working directory. The risk is considered low, but the issue is being treated with higher importance due to its ability to bypass certain protections like ASAR Integrity.

Recommendations For versions prior to 26.0.0-beta.13, update to version 26.0.0-beta.13 or later. For versions prior to 25.5.0, update to version 25.5.0 or later. For versions prior to 24.7.1, update to version 24.7.1 or later. For versions prior to 23.3.13, update to version 23.3.13 or later. For versions prior to 22.3.19, update to version 22.3.19 or later. As a temporary workaround, consider restricting access to the working directory to minimize the risk of exploitation.