Electron HTTP Response Header Injection Vulnerability in Custom Protocol Handlers

Vulnerability

A vulnerability allowing HTTP response header injection has been identified in Electron applications that register custom protocol handlers or modify response headers. This issue affects versions of Electron prior to 38.8.6, as well as versions 39.0.0-alpha.1 through 39.8.3, 40.0.0-alpha.1 through 40.8.3, and 41.0.0-alpha.1 through 41.0.3. The vulnerability arises when attacker-controlled input is reflected into a response header name or value, potentially allowing the injection of additional response headers that could impact cookies, content security policy, or cross-origin access controls. Applications that do not reflect external input into response headers are not vulnerable.

Impact

Exploitation of this vulnerability could lead to HTTP response header injection, allowing an attacker to manipulate response headers in a way that could affect cookies, content security policy, or cross-origin access controls.

Remediation

Users can update to Electron versions 38.8.6, 39.8.3, 40.8.3, or 41.0.3 to address this vulnerability. For applications that cannot be updated, it is recommended to validate or sanitize any untrusted input before including it in a response header name or value.
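The following is an added illustration, not code from Electron or from this advisory. It assumes a handler built on Electron's protocol.handle() that derives a Content-Disposition header from a query parameter; the hypothetical buildResponseHeaders helper is the validation step the remediation describes, rejecting CR, LF and other non-visible bytes before untrusted input reaches a header name or value.

```javascript
// Added example: validate untrusted input before it lands in a response
// header. The protocol.handle() usage at the bottom is the assumed shape
// of an Electron custom protocol handler and is not executed here.

// RFC 9110 field-name is a token: 1*tchar.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// RFC 9110 field-value content: visible ASCII plus SP and HTAB. CR (0x0D),
// LF (0x0A) and NUL are exactly what lets a value terminate one header
// and start another, so they are rejected. obs-text is also rejected.
const VALUE_RE = /^[\t\x20-\x7E]*$/;

function isValidHeaderName(name) {
  return typeof name === 'string' && TOKEN_RE.test(name);
}

function isValidHeaderValue(value) {
  return typeof value === 'string' && VALUE_RE.test(value);
}

// Hypothetical helper: builds the response header map, refusing any value
// that could alter header structure instead of trying to "clean" it.
function buildResponseHeaders(contentType, untrustedFilename) {
  if (!isValidHeaderValue(contentType)) throw new Error('invalid content type');
  if (!isValidHeaderValue(untrustedFilename)) throw new Error('invalid filename');
  // Neutralise '"' and '\' so the quoted-string parameter stays intact.
  const safeName = untrustedFilename.replace(/["\\]/g, '_');
  return {
    'Content-Type': contentType,
    'Content-Disposition': `attachment; filename="${safeName}"`,
  };
}

// Vulnerable shape described by the advisory: the query parameter is
// reflected into a header value unchecked.
function vulnerableHeaders(url) {
  const name = new URL(url).searchParams.get('name') ?? 'file';
  return { 'Content-Disposition': `attachment; filename="${name}"` };
}

// Hardened shape: same input, validated before use.
function hardenedHeaders(url) {
  const name = new URL(url).searchParams.get('name') ?? 'file';
  return buildResponseHeaders('application/octet-stream', name);
}

// Assumed use in the Electron main process (not run here):
// protocol.handle('app', (request) =>
//   new Response(fileBody, { headers: hardenedHeaders(request.url) }));
```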

Added: Apr 4, 2026, 12:24 AM
Updated: Apr 4, 2026, 12:24 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 5.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.