PT-2025-27491 · Electron · Electron

Published: 2025-06-30 · Updated: 2025-07-15 · CVE-2024-46992

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Electron versions 30.0.0-alpha.1 through 30.0.5; Electron versions 31.0.0-alpha.1 through 31.0.0-beta.1
Description: The issue is an ASAR Integrity bypass, which only impacts applications that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. This vulnerability is specific to Windows and can only be exploited if the application is launched from a filesystem that the attacker has write access to.
Recommendations: For Electron versions 30.0.0-alpha.1 through 30.0.5, update to version 30.0.5. For Electron versions 31.0.0-alpha.1 through 31.0.0-beta.1, update to version 31.0.0-beta.1. As a temporary workaround, consider restricting the use of the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses until a patch is applied.

Related Identifiers

BDU:2025-08830
CVE-2024-46992
GHSA-XW5Q-G62X-2QJC

Affected Products

Electron