CVE-2024-27303

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Mar 6, 2024
CWE ID 427
CWE ID 426

Summary

CVE-2024-27303 affects electron-builder prior to version 24.13.2 on Windows. The NSIS installer script makes a system call to open cmd.exe via NSExec, and by default NSExec searches the current directory of the installer before searching PATH. If an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. The issue is fixed in version 24.13.2, and there is no known workaround for this vulnerability. It poses a high risk to organizations because it allows an attacker to execute arbitrary code on the system during the installation process, potentially leading to unauthorized access, data leakage, or system compromise.
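
Because the only remedy named above is upgrading to 24.13.2, a build pipeline can check which electron-builder release a project's lockfile pins. The following is an added example, not code from electron-builder or from this advisory; the function names, the sample lockfile, and the choice to treat a prerelease of 24.13.2 as unfixed are assumptions made for illustration.

```javascript
// Added example (not electron-builder code): audit an npm lockfile for
// electron-builder releases older than the fixed version 24.13.2.
const FIXED = [24, 13, 2];

// true = before 24.13.2, false = fixed, null = unparseable (review manually).
// Assumption: a prerelease of 24.13.2 itself is treated as not yet fixed.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return null;
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return Boolean(m[4]);
}

// Returns every electron-builder entry in a parsed package-lock.json.
// Lockfile v2/v3 lists installs under "packages"; v1 nests "dependencies".
function findElectronBuilder(lock) {
  const hits = [];
  const add = (path, meta) => hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.split("node_modules/").pop() === "electron-builder") add(path, meta);
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === "electron-builder") add(prefix + name, meta);
      walk(meta.dependencies, prefix + name + " > ");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3 layout), not taken from a real project.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/electron-builder": { version: "24.9.1" },
    "tools/packager/node_modules/electron-builder": { version: "24.13.2" },
  },
};

for (const hit of findElectronBuilder(SAMPLE_LOCK)) {
  console.log(`${hit.path}: ${hit.version} ${hit.affected === false ? "fixed" : "review"}`);
}
```

In a real pipeline, pass the parsed contents of the project's package-lock.json to findElectronBuilder and fail the build when any entry is not reported as fixed.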
