Skip to main content

Untrusted Search Path


Severity High
Score 7.3/10


The electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects app-builder-lib in Windows, the NSIS installer makes a system call to open "cmd.exe" via "NSExec" in the ".nsh" installer script. "NSExec" by default searches the current directory of where the installer is located before searching "PATH". This means that if an attacker can place a malicious executable file named "cmd.exe" in the same folder as the installer, the installer will run the malicious file. This vulnerability affects app-builder-lib package versions prior to 24.13.2. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.

  • LOW
  • HIGH
  • LOW
  • HIGH
  • HIGH

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

Advisory Timeline

  • Published