Description
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| electron | electron | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2020-1409 | Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. |
 Github GHSA |
GHSA-56pc-6jqp-xqj8 | Context isolation bypass in Electron |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-04T13:08:22.830Z
Reserved: 2020-06-25T00:00:00.000Z
Link: CVE-2020-15215
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-10-06T18:15:14.797
Modified: 2024-11-21T05:05:06.480
Link: CVE-2020-15215
Redhat
No data.
OpenCVE Enrichment
No data.