SCA: security update for electron (GHSA-6r2x-8pq8-9489)

high Tenable Self-Hosted Container Security Plugin ID 428266

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Electron is an open source framework for writing cross-platform desktop applications using JavaScript,
HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and
nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer
overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer
overflow if an attacker is in control of the image's height, width, and contents. This issue has been
patched in versions 28.3.2, 29.3.3, and 30.0.3. There are no workarounds for this issue. (CVE-2024-46993)

See Also

https://github.com/advisories/GHSA-6r2x-8pq8-9489

Plugin Details

Severity: High

ID: 428266

Version: Revision 1.11

Type: Local

Family: SCA Checks

Published: 6/30/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.49

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-46993

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.3

Threat Score: 4.4

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/30/2025

Vulnerability Publication Date: 6/30/2025

Reference Information

CVE: CVE-2024-46993

cwe: CWE-122