B3NCLOUD ARTICLE INTELLIGENCE

ARTICLEVIEW

Zurück zu News

CVE-2026-54673 - electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`

CVE ID :CVE-2026-54673 Published : June 30, 2026, 10:11 p.m. | 5 hours, 1 minute ago Description :electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key...

Original-Artikel öffnen Zurück zur Übersicht