PT-2018-1522 · Github · Github Electron
Matt Austin · Published 2018-08-22 · Updated 2019-10-03 · CVE-2018-15685
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
GitHub Electron versions 1.7.15 through 1.7.15
GitHub Electron versions 1.8.7 through 1.8.7
GitHub Electron versions 2.0.7 through 2.0.7
GitHub Electron versions 3.0.0-beta.6 through 3.0.0-beta.6
Description
The issue is caused by errors in access control and can be leveraged to perform remote code execution. The vulnerability can be exploited in certain scenarios involving IFRAME elements and the nativeWindowOpen: true or sandbox: true options. This can allow a remote attacker to execute arbitrary code using a specially crafted iframe element.
Recommendations
Upgrade to version 1.7.16 or later for GitHub Electron version 1.7.15.
Upgrade to version 1.8.8 or later for GitHub Electron version 1.8.7.
Upgrade to version 2.0.8 or later for GitHub Electron version 2.0.7.
Upgrade to version 3.0.0-beta.7 or later for GitHub Electron version 3.0.0-beta.6.
Affected Products
Github Electron