PT-2020-14181 · Github · Electron
Marshallofsound · Published 2020-07-07 · Updated 2020-07-10 · CVE-2020-15096
CVSS v3.1: 6.8 Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Electron versions prior to 6.1.1
Electron versions prior to 7.2.4
Electron versions prior to 8.2.4
Electron versions prior to 9.0.0-beta21
Description
The issue is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. There are no app-side workarounds.
Recommendations
For Electron versions prior to 6.1.1, update to version 6.1.1 or later to be protected.
For Electron versions prior to 7.2.4, update to version 7.2.4 or later to be protected.
For Electron versions prior to 8.2.4, update to version 8.2.4 or later to be protected.
For Electron versions prior to 9.0.0-beta21, update to version 9.0.0-beta21 or later to be protected.
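A version check built from the fixed versions listed above can be run over the Electron versions resolved in your projects. This is an added example, not code from the advisory or from the Electron project; the function names are hypothetical, the beta tag is accepted both as written here (beta21) and in dotted form (beta.21), and release lines older than 6 are treated as affected on a literal reading of "prior to 6.1.1".

```javascript
// Added example. Fixed versions are copied from the advisory text above.
const FIXED = { 6: '6.1.1', 7: '7.2.4', 8: '8.2.4', 9: '9.0.0-beta21' };

// Parse "8.2.3", "v9.0.0-beta.20" or "9.0.0-beta21" into comparable parts.
// Any other prerelease tag is rejected so it gets reviewed by hand
// instead of being silently classified.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-beta\.?(\d+))?$/i.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version: ${v}`);
  return {
    nums: [Number(m[1]), Number(m[2]), Number(m[3])],
    beta: m[4] !== undefined ? Number(m[4]) : null, // null means a stable release
  };
}

// Returns -1, 0 or 1. A stable x.y.z sorts after every beta of the same x.y.z.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i] ? -1 : 1;
  }
  if (x.beta === null && y.beta === null) return 0;
  if (x.beta === null) return 1;
  if (y.beta === null) return -1;
  return Math.sign(x.beta - y.beta);
}

// True when the version predates the fix for its release line.
function isAffected(version) {
  const major = parseVersion(version).nums[0];
  if (major < 6) return true;  // assumption: literal reading of "prior to 6.1.1"
  if (major > 9) return false; // later than every fixed version listed above
  return compareVersions(version, FIXED[major]) < 0;
}

// Constructed sample: versions as they might appear in lockfiles.
const sample = ['5.0.13', '6.1.0', '7.2.4', '8.2.3',
                '9.0.0-beta.20', '9.0.0-beta.21', '9.0.0', '10.1.0'];
for (const v of sample) {
  console.log(v.padEnd(14), isAffected(v) ? 'AFFECTED' : 'ok');
}
```

Versions with other prerelease tags throw instead of returning a verdict, so an audit script should catch the error and flag those entries for manual review.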
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Electron