{"containers": {"cna": {"affected": [{"product": "electron", "vendor": "electron", "versions": [{"status": "affected", "version": ">= 8.0.0-beta.0, < 8.5.2"}, {"status": "affected", "version": ">= 9.0.0-beta.0, < 9.3.1"}, {"status": "affected", "version": ">= 10.0.0-beta.0, < 10.1.2"}, {"status": "affected", "version": ">= 11.0.0-beta.0, < 11.0.0-beta.6"}]}], "descriptions": [{"lang": "en", "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T18:00:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"}], "source": {"advisory": "GHSA-56pc-6jqp-xqj8", "discovery": "UNKNOWN"}, "title": "Context isolation bypass in Electron", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15215", "STATE": "PUBLIC", "TITLE": "Context isolation bypass in Electron"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "electron", "version": {"version_data": [{"version_value": ">= 8.0.0-beta.0, < 8.5.2"}, {"version_value": ">= 9.0.0-beta.0, < 9.3.1"}, {"version_value": ">= 10.0.0-beta.0, < 10.1.2"}, {"version_value": ">= 11.0.0-beta.0, < 11.0.0-beta.6"}]}}]}, "vendor_name": "electron"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-693 Protection Mechanism Failure"}]}, {"description": [{"lang": "eng", "value": "CWE-668 Exposure of Resource to Wrong Sphere"}]}]}, "references": {"reference_data": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8", "refsource": "CONFIRM", "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"}]}, "source": {"advisory": "GHSA-56pc-6jqp-xqj8", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.830Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15215", "datePublished": "2020-10-06T18:00:17", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "6F890386-0034-4831-88D2-FDAFCD7F0E86", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "CAE00E66-4F55-4A96-9AF6-DF0212A57052", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "B080C8F3-3715-4FB1-AFB0-D43D498AC010", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "EF0D930E-1018-46EB-8002-C73A97EF902D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "ED9C844C-14ED-4371-BE21-16EC7F7824E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "AF26C943-D81E-45EA-902D-62C9973AC8A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "907D7F4B-BFA1-43D7-87A7-771D8CAA5637", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "B8B505B2-E756-4621-80F8-D59B0AB567BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "AF99DB03-5FC2-4FD9-9C18-F18F03FC7A74", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "21851053-E851-4B7D-924F-602077DFE071", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "B48F49CE-4D63-454A-92B0-51655F5473A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "B07BDAF8-F28F-4B1C-B135-BDB0322289D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "9E19D2FD-F800-4966-A3F8-11FC843089BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "11F9629D-D8EB-418A-BDD4-AF21034CF665", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "9A97B7D2-5A5A-4C2F-9926-0CFAEA12D33A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "0E4FD779-32BF-43E0-99F0-C6B3E084D83D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "D4010776-46D9-4E73-B2BC-6A736E0D192D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "68C4E052-46E3-4152-B95A-A8C26330AA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.2:-:*:*:*:*:*:*", "matchCriteriaId": "F03D63BE-0BB0-4492-9CED-AB97454257D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.3:-:*:*:*:*:*:*", "matchCriteriaId": "68489F71-36D5-4947-94CF-740D70028948", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.4:-:*:*:*:*:*:*", "matchCriteriaId": "14AC17C6-3780-4779-A95A-1DAAD799FE3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.2.5:-:*:*:*:*:*:*", "matchCriteriaId": "E0B61270-F062-4286-BFE4-D90251264B41", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "97237970-8734-45F5-A77C-71E9189FEB15", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.3.1:-:*:*:*:*:*:*", "matchCriteriaId": "7482B3C9-3568-4E7F-B4B9-85E1ABD96A1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.3.2:-:*:*:*:*:*:*", "matchCriteriaId": "5D4D6ACF-8EB1-4058-9052-055C151D066E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.3.3:-:*:*:*:*:*:*", "matchCriteriaId": "3A9B536A-1CDD-414C-8C49-11466C7A131A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.3.4:-:*:*:*:*:*:*", "matchCriteriaId": "43C61192-2258-466B-B222-225C99983355", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "D3D2AA53-DCC7-40F9-9BA6-BC27B73EACC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.4.1:-:*:*:*:*:*:*", "matchCriteriaId": "B022C207-380A-4D1F-B710-F97AD68EB62D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "CA36A42A-5DFE-4A92-B9E9-E2FAB651439D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:8.5.1:-:*:*:*:*:*:*", "matchCriteriaId": "75B4DDBC-A3B3-4A5A-9D13-177D8E7459CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "935D2315-3FF2-4402-8A83-A7362939E7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "E9F2D5B4-8BE8-4225-ABE7-385E6E796EF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.2:-:*:*:*:*:*:*", "matchCriteriaId": "EC5FA64D-C502-43B2-AE3A-60900B938441", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.3:-:*:*:*:*:*:*", "matchCriteriaId": "994B6421-EFF6-43E6-AF93-1ED493DD33D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.4:-:*:*:*:*:*:*", "matchCriteriaId": "EFD0253D-47B6-4412-B1F4-4AD53636C903", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.5:-:*:*:*:*:*:*", "matchCriteriaId": "96EDD4F1-A756-4937-A792-FFA60774F131", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.6:-:*:*:*:*:*:*", "matchCriteriaId": "7C0AAB78-7E51-4E68-A64F-3E65346B87F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "3CF98CC1-9B45-463A-B342-763B2B35FCCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "AC3A997F-4F2A-461E-A740-EF740F427034", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.1.2:-:*:*:*:*:*:*", "matchCriteriaId": "203B5D41-86AE-4EB1-9623-201CE0259E0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "A6BA120D-1953-470A-9022-8C1365FDA033", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.2.1:-:*:*:*:*:*:*", "matchCriteriaId": "0A544F21-ABCA-41A5-9D7A-0D19B2E3E41C", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "6E3FB9AC-A471-461C-9C2D-3FEA3487A8F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "F91413A0-0820-4714-BF94-16FC961CC9F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "5EF21A1C-3BDF-40CB-9BAD-9192BBC845C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "54D63BBE-11E5-4E25-BFF3-368653FAD8C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta22:*:*:*:*:*:*", "matchCriteriaId": "70F61C9A-104E-47E3-A46D-198651075460", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*", "matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*", "matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*", "matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "56DE863F-2D6B-482D-9445-3AA76DCD9B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "C1480FDF-4A57-4C08-A497-69010747562D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.1.1:-:*:*:*:*:*:*", "matchCriteriaId": "37690A80-D6EC-40FA-ADE2-55B4011FB5E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta0:*:*:*:*:*:*", "matchCriteriaId": "EE8836CC-F620-4C83-A398-D2068FECB5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "E8D7AA38-6CE2-4DEC-85BE-6329F37800FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."}, {"lang": "es", "value": "Electron anteriores a las versiones 11.0.0-beta.6, 10.1.2, 9.3.1 o 8.5.2, es vulnerable a una omisi\u00f3n de aislamiento de contexto.&#xa0;Las aplicaciones que usan tanto \"contextIsolation\" como \"sandbox: true\" est\u00e1n afectadas.&#xa0;Las aplicaciones que usan \"contextIsolation\" y \"nodeIntegrationInSubFrames: true\" est\u00e1n afectadas.&#xa0;Esta es una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto main world en el renderizador puede llegar al contexto de Electron aislado y realizar acciones privilegiadas"}], "id": "CVE-2020-15215", "lastModified": "2020-10-19T14:09:56.547", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-10-06T18:15:14.797", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}, {"lang": "en", "value": "CWE-693"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}