CNNVD-202507-002 Information
CNNVD ID
CNNVD-202507-002
Related CVE
- CNNVD Published: 2025-07-01
Description (Chinese)
Electron是Electron开源的一个用户编写跨平台桌面应用的 JavaScript 框架。该框架基于 nodejs 和 Chromium 可以使用HTML,CSS实现跨平台桌面应用的编写。 Electron 30.0.0-alpha.1至30.0.5之前版本和31.0.0-alpha.1至31.0.0-beta.1之前版本存在安全漏洞,该漏洞源于ASAR完整性绕过,可能导致安全保护失效。
Description (English)
Electron is a JavaScript framework for a user from the Electron Open Source that prepares a cross-platform desktop application. The framework is based on nodejs and Chromium for the development of cross-platform desktop applications using HTML, CSS. Electron 30.0.0-alpha.1 to 30.0.5 and 31.0.0-alpha.1 to 31.0.0-beta.1 had a security loophole, which stemmed from the fact that the ASAR integrity had been bypassed and could result in security protection being rendered ineffective.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Electron
Published
2025-07-01
Last Modified
2026-02-24
References
https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc https://www.electronjs.org/docs/latest/tutorial/fuses https://access.redhat.com/security/cve/cve-2024-46992
Patch
https://github.com/electron/electron/releases
Share on: