
GHSA-r4pf-3v7r-hh55

GitHub Security Advisory

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact
Windows-only: The NSIS installer launches cmd.exe through NSExec from the `.nsh` installer script. NSExec by default resolves a bare program name by searching the directory where the installer is located before searching `PATH`. As a result, if an attacker can place a malicious executable named cmd.exe in the same folder as the installer, the installer will run the malicious file instead of the system cmd.exe.

### Patches
Fixed in https://github.com/electron-userland/electron-builder/pull/8059
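As an added illustration of the pattern described above (not electron-builder's own installer script and not the exact contents of the linked patch), the NSIS fragment below shows the weak invocation beside a hardened one. `$SYSDIR` is the NSIS built-in variable for the Windows system directory, and the `echo` command stands in for whatever the installer actually runs.

```nsis
; Added illustration of the untrusted-search-path issue; not electron-builder's installer.nsh.
!include "LogicLib.nsh"

Section "Install"
  ; Weak: a bare program name is resolved by the process loader, which checks the
  ; directory the installer was launched from before consulting PATH. A file named
  ; cmd.exe dropped next to the installer would be picked up instead of the real one.
  nsExec::ExecToStack 'cmd /C "echo installer step"'
  Pop $0   ; exit code, or "error" if the process could not be started
  Pop $1   ; captured output

  ; Hardened: name the binary by its absolute path so no directory search applies.
  ; $SYSDIR resolves to the Windows system directory (typically C:\Windows\System32).
  nsExec::ExecToStack '"$SYSDIR\cmd.exe" /C "echo installer step"'
  Pop $0
  Pop $1
  ${If} $0 == "error"
    Abort "Could not start $SYSDIR\cmd.exe"
  ${EndIf}
SectionEnd
```

The same change applies to any `nsExec::Exec`, `ExecToLog` or `ExecToStack` call that names a system tool without a path.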

### Workarounds
None. The call executes at the installer level, before the application is present on the system, so an existing installer has no way to check whether a planted cmd.exe is sitting next to it.

### References
https://cwe.mitre.org/data/definitions/426.html (CWE-426: Untrusted Search Path)
https://cwe.mitre.org/data/definitions/427.html (CWE-427: Uncontrolled Search Path Element)

Affected Packages

npm app-builder-lib
Affected versions: 0 (fixed in 24.13.2)

Key Information

GHSA ID
GHSA-r4pf-3v7r-hh55
Published
March 4, 2024 8:42 PM
Last Modified
March 6, 2024 9:36 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
app-builder-lib
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 12, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.