Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fuwj-56jp-tyds

Summary

electron ASAR Integrity bypass by just modifying the content
electron's ASAR Integrity can be bypass by modifying the content.

### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are unimpacted.

Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the .app bundle on macOS which these fuses are supposed to protect against.

### Workarounds
There are no app side workarounds, you must update to a patched version of Electron.

### Fixed Versions
* `30.0.5`
* `31.0.0-beta.1`

### For more information
If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org)

Aliases

alias	CVE-2024-46992

alias	GHSA-xw5q-g62x-2qjc

Fixed_packages

url pkg:npm/electron@30.0.5

purl pkg:npm/electron@30.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.5

url pkg:npm/electron@31.0.0-beta.1

purl pkg:npm/electron@31.0.0-beta.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-beta.1

Affected_packages

url pkg:npm/electron@30.0.0-alpha.1

purl pkg:npm/electron@30.0.0-alpha.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.1

url pkg:npm/electron@30.0.0-alpha.2

purl pkg:npm/electron@30.0.0-alpha.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.2

url pkg:npm/electron@30.0.0-alpha.3

purl pkg:npm/electron@30.0.0-alpha.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.3

url pkg:npm/electron@30.0.0-alpha.4

purl pkg:npm/electron@30.0.0-alpha.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.4

url pkg:npm/electron@30.0.0-alpha.5

purl pkg:npm/electron@30.0.0-alpha.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.5

url pkg:npm/electron@30.0.0-alpha.6

purl pkg:npm/electron@30.0.0-alpha.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.6

url pkg:npm/electron@30.0.0-alpha.7

purl pkg:npm/electron@30.0.0-alpha.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-alpha.7

url pkg:npm/electron@30.0.0-beta.1

purl pkg:npm/electron@30.0.0-beta.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.1

url pkg:npm/electron@30.0.0-beta.2

purl pkg:npm/electron@30.0.0-beta.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.2

url pkg:npm/electron@30.0.0-beta.3

purl pkg:npm/electron@30.0.0-beta.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.3

url pkg:npm/electron@30.0.0-beta.4

purl pkg:npm/electron@30.0.0-beta.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.4

url pkg:npm/electron@30.0.0-beta.5

purl pkg:npm/electron@30.0.0-beta.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.5

url pkg:npm/electron@30.0.0-beta.6

purl pkg:npm/electron@30.0.0-beta.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.6

url pkg:npm/electron@30.0.0-beta.7

purl pkg:npm/electron@30.0.0-beta.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.7

url pkg:npm/electron@30.0.0-beta.8

purl pkg:npm/electron@30.0.0-beta.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0-beta.8

url pkg:npm/electron@30.0.0

purl pkg:npm/electron@30.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.0

url pkg:npm/electron@30.0.1

purl pkg:npm/electron@30.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.1

url pkg:npm/electron@30.0.2

purl pkg:npm/electron@30.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-j7d6-zp3s-67fq

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.2

url pkg:npm/electron@30.0.3

purl pkg:npm/electron@30.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.3

url pkg:npm/electron@30.0.4

purl pkg:npm/electron@30.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@30.0.4

url pkg:npm/electron@31.0.0-alpha.1

purl pkg:npm/electron@31.0.0-alpha.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-alpha.1

url pkg:npm/electron@31.0.0-alpha.2

purl pkg:npm/electron@31.0.0-alpha.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-alpha.2

url pkg:npm/electron@31.0.0-alpha.3

purl pkg:npm/electron@31.0.0-alpha.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-alpha.3

url pkg:npm/electron@31.0.0-alpha.4

purl pkg:npm/electron@31.0.0-alpha.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-alpha.4

url pkg:npm/electron@31.0.0-alpha.5

purl pkg:npm/electron@31.0.0-alpha.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fuwj-56jp-tyds

vulnerability	VCID-qd52-rbd7-qkbn

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/electron@31.0.0-alpha.5

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-46992

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03912
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0381
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03822
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03837
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03842
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03867
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0383
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03783
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03764
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03788
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-46992

reference_url

https://github.com/electron/electron

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/electron/electron

reference_url

https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/

url

https://github.com/electron/electron/security/advisories/GHSA-xw5q-g62x-2qjc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-46992

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-46992

reference_url

https://www.electronjs.org/docs/latest/tutorial/fuses

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-01T14:32:53Z/

url

https://www.electronjs.org/docs/latest/tutorial/fuses

reference_url

https://github.com/advisories/GHSA-xw5q-g62x-2qjc

reference_id

GHSA-xw5q-g62x-2qjc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xw5q-g62x-2qjc

Weaknesses

cwe_id	354
name	Improper Validation of Integrity Check Value
description	The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuwj-56jp-tyds

Vulnerability Instance