← back
CVE-2024-37391

CVE-2024-37391

CVSS 7.8 HIGHEPSS 0.3%CWE-78
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ProtonVPN/win-app/commit/2e4e25036842aaf48838c6a59f14671b86c20aa7https://github.com/ProtonVPN/win-app/compare/3.2.9...3.2.10