CVE-2024-46992
📋 TL;DR
This CVE describes an ASAR integrity bypass vulnerability in Electron that allows an attacker to modify application files and potentially execute arbitrary code. It affects only Windows applications with the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled, and it requires that the attacker already has write access to the application's filesystem location. macOS applications using these fuses are not impacted.
💻 Affected Systems
- Electron
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attacker gains arbitrary code execution by modifying ASAR files, potentially leading to full system compromise, data theft, or ransomware deployment.
Likely Case
Local privilege escalation or application compromise when the attacker has write access to the application directory, allowing code injection or data manipulation.
If Mitigated
No impact if fuses are disabled or application is on macOS, or if proper file permissions prevent unauthorized write access.
🎯 Exploit Status
Requires attacker to have write access to application filesystem location and knowledge of fuse configuration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 30.0.5 or 31.0.0-beta.1
Vendor Advisory: https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc
Restart Required: Yes
Instructions:
1. Update Electron to version 30.0.5 or 31.0.0-beta.1 or later.
2. Rebuild your application with the updated Electron version.
3. Redeploy the patched application to all affected systems.
🔧 Temporary Workarounds
Disable vulnerable fuses
Disable the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses in your Electron app configuration.
Modify the fuse configuration in your app's main process or package.json to disable these fuses.
🧯 If You Can't Patch
- Restrict file system permissions to prevent unauthorized write access to Electron application directories
- Implement application allowlisting and monitor for unauthorized modifications to ASAR files
🔍 How to Verify
Check if Vulnerable:
Check the Electron version with 'electron -v' or inspect package.json. Verify whether the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled in the app configuration.
Check Version:
electron -v or check package.json dependencies
Verify Fix Applied:
Confirm the Electron version is 30.0.5 or 31.0.0-beta.1 or later, and verify that the application still functions with the fuses enabled.
📡 Detection & Monitoring
Log Indicators:
- Unexpected ASAR file modifications
- Application integrity check failures
- Unusual process execution from Electron app directory
Network Indicators:
- None - this is a local file system vulnerability
SIEM Query:
File modification events in Electron application directories, particularly .asar file changes on Windows systems
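The SIEM logic described above, worked through as an added example (not part of this advisory or of Electron): it scans constructed file-event records that use the Sysmon field names Image and TargetFilename, flags writes or deletes of any .asar archive under a resources\ directory, and suppresses a hypothetical, environment-specific allowlist of updater processes.

```python
"""Flag modifications to ASAR archives under Electron app directories.

Constructed example: the records below mimic Sysmon file events
(EventID 11 = FileCreate, 23 = FileDelete, 26 = FileDeleteDetected) using
the real Sysmon field names Image and TargetFilename; the paths, users and
process names are made up for illustration.
"""
import ntpath
import re

# Sysmon event IDs that indicate a file was written or removed.
FILE_CHANGE_EVENTS = {11, 23, 26}

# Hypothetical allowlist of processes expected to rewrite app.asar (the
# app's own updater). An image-name allowlist alone is weak; in practice
# pair it with code-signing checks on the writing process.
UPDATER_IMAGES = {"update.exe"}

# Electron ships app.asar under <install>\resources\; match any .asar
# file directly beneath a "resources" directory, case-insensitively.
ASAR_PATH = re.compile(r"\\resources\\[^\\]*\.asar$", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed sample data
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Local\ExampleApp\Update.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\ExampleApp\app-1.2.3\resources\app.asar"},
    {"EventID": 11, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\ExampleApp\app-1.2.3\resources\app.asar"},
    {"EventID": 23, "Image": r"C:\Users\alice\Downloads\tool.exe",
     "TargetFilename": r"C:\Program Files\OtherApp\resources\APP.ASAR"},
    {"EventID": 11, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\notes.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",  # process create, not a file event
     "TargetFilename": r"C:\Users\alice\AppData\Local\ExampleApp\app-1.2.3\resources\app.asar"},
]


def is_asar_change(event):
    """True if the event records a write/delete of an .asar under resources\\."""
    if event.get("EventID") not in FILE_CHANGE_EVENTS:
        return False
    return ASAR_PATH.search(event.get("TargetFilename", "")) is not None


def flag_asar_modifications(events):
    """Return events that touched an ASAR archive from a non-updater process."""
    alerts = []
    for ev in events:
        if not is_asar_change(ev):
            continue
        image = ntpath.basename(ev.get("Image", "")).lower()
        if image in UPDATER_IMAGES:
            continue  # expected updater activity, not alerted
        alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for ev in flag_asar_modifications(SAMPLE_EVENTS):
        print(f"ALERT EventID={ev['EventID']} {ev['Image']} -> {ev['TargetFilename']}")
```

Running it on the sample data alerts on the cmd.exe write and the tool.exe delete, while the updater write, the unrelated text file and the non-file event are ignored.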