PT-2020-14286 · Electron+1

Marshallofsound · Published 2020-10-06 · Updated 2020-10-19 · CVE-2020-15215

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Electron versions prior to 11.0.0-beta.6
Electron versions prior to 10.1.2
Electron versions prior to 9.3.1
Electron versions prior to 8.5.2

Description

This issue is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both contextIsolation and sandbox: true are affected, as well as apps using both contextIsolation and nodeIntegrationInSubFrames: true or nativeWindowOpen: true.

Recommendations

Update to version 11.0.0-beta.6 or later to resolve the issue.
Update to version 10.1.2 or later to resolve the issue.
Update to version 9.3.1 or later to resolve the issue.
Update to version 8.5.2 or later to resolve the issue.

Weakness Enumeration

Protection Mechanism Failure
Exposure of Resource to Wrong Sphere

Related Identifiers

ALT-PU-2020-3066
CVE-2020-15215
GHSA-56PC-6JQP-XQJ8

Affected Products

Alt Linux
Electron