PT-2018-1522 · Github · Github Electron

Matt Austin · Published 2018-08-22 · Updated 2019-10-03 · CVE-2018-15685

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GitHub Electron versions 1.7.15 through 1.7.15
GitHub Electron versions 1.8.7 through 1.8.7
GitHub Electron versions 2.0.7 through 2.0.7
GitHub Electron versions 3.0.0-beta.6 through 3.0.0-beta.6

Description

The issue is caused by errors in access control and can be leveraged to perform remote code execution. The vulnerability can be exploited in certain scenarios involving IFRAME elements and the nativeWindowOpen: true or sandbox: true options, allowing a remote attacker to execute arbitrary code using a specially crafted iframe element.

Recommendations

GitHub Electron 1.7.15: upgrade to version 1.7.16 or later.
GitHub Electron 1.8.7: upgrade to version 1.8.8 or later.
GitHub Electron 2.0.7: upgrade to version 2.0.8 or later.
GitHub Electron 3.0.0-beta.6: upgrade to version 3.0.0-beta.7 or later.

Exploit

Fix

Weakness Enumeration

Related Identifiers

BDU:2018-01077
CVE-2018-15685
GHSA-HV9C-QWQG-QJ3V

Affected Products

Github Electron