Vulnerabilites related to electronjs - electron
cve-2021-39184
Vulnerability from cvelistv5
Published
2021-10-12 19:05
Modified
2024-08-04 01:58
Severity ?
EPSS score ?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/pull/30728 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5.0"
},
{
"status": "affected",
"version": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"status": "affected",
"version": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T19:05:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/30728"
}
],
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
},
"title": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-39184",
"STATE": "PUBLIC",
"TITLE": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5.0"
},
{
"version_value": "\u003e= 12.0.0, \u003c 12.1.0"
},
{
"version_value": "\u003e= 13.0.0, \u003c 13.3.0"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"name": "https://github.com/electron/electron/pull/30728",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/30728"
}
]
},
"source": {
"advisory": "GHSA-mpjm-v997-c4h4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39184",
"datePublished": "2021-10-12T19:05:11",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-08-04T01:58:18.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-26272
Vulnerability from cvelistv5
Published
2021-01-28 18:25
Modified
2024-08-04 15:56
Severity ?
EPSS score ?
Summary
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/releases/tag/v9.4.0 | x_refsource_MISC | |
| https://github.com/electron/electron/pull/26875 | x_refsource_MISC | |
| https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c | x_refsource_MISC | |
| https://www.electronjs.org/releases/stable?version=9#9.4.0 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 9.4.0"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.2.0"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T18:25:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"source": {
"advisory": "GHSA-hvf8-h2qh-37m9",
"discovery": "UNKNOWN"
},
"title": "IPC messages misrouted in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-26272",
"STATE": "PUBLIC",
"TITLE": "IPC messages misrouted in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 9.4.0"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.2.0"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.1.0"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"name": "https://github.com/electron/electron/releases/tag/v9.4.0",
"refsource": "MISC",
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"name": "https://github.com/electron/electron/pull/26875",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/26875"
},
{
"name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c",
"refsource": "MISC",
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"name": "https://www.electronjs.org/releases/stable?version=9#9.4.0",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
]
},
"source": {
"advisory": "GHSA-hvf8-h2qh-37m9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-26272",
"datePublished": "2021-01-28T18:25:17",
"dateReserved": "2020-10-01T00:00:00",
"dateUpdated": "2024-08-04T15:56:04.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000118
Vulnerability from cvelistv5
Published
2018-03-07 14:00
Modified
2024-09-16 17:23
Severity ?
EPSS score ?
Summary
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://electronjs.org/releases#1.8.2-beta.5 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-07T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/23/2018 10:04:49",
"ID": "CVE-2018-1000118",
"REQUESTER": "xiao.gong@chaitin.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electronjs.org/releases#1.8.2-beta.5",
"refsource": "CONFIRM",
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"name": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000118",
"datePublished": "2018-03-07T14:00:00Z",
"dateReserved": "2018-03-07T00:00:00Z",
"dateUpdated": "2024-09-16T17:23:13.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29247
Vulnerability from cvelistv5
Published
2022-06-13 21:05
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:05:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
},
"title": "Exposure of Resource to Wrong Sphere in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29247",
"STATE": "PUBLIC",
"TITLE": "Exposure of Resource to Wrong Sphere in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
]
},
"source": {
"advisory": "GHSA-mq8j-3h7h-p8g7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29247",
"datePublished": "2022-06-13T21:05:10",
"dateReserved": "2022-04-13T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29198
Vulnerability from cvelistv5
Published
2023-09-06 20:13
Modified
2024-09-26 15:12
Severity ?
EPSS score ?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7 | x_refsource_CONFIRM | |
| https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:07.613258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:12:58.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.6"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.2.3"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.0.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:13:56.313Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"source": {
"advisory": "GHSA-p7v2-p9m8-qqg7",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via nested unserializable return value in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-29198",
"datePublished": "2023-09-06T20:13:56.313Z",
"dateReserved": "2023-04-03T13:37:18.454Z",
"dateUpdated": "2024-09-26T15:12:58.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21718
Vulnerability from cvelistv5
Published
2022-03-22 16:25
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/pull/32178 | x_refsource_MISC | |
| https://github.com/electron/electron/pull/32240 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:35.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 13.6.6"
},
{
"status": "affected",
"version": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"status": "affected",
"version": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-22T16:25:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/32240"
}
],
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
},
"title": "Renderers can obtain access to random bluetooth device without permission in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21718",
"STATE": "PUBLIC",
"TITLE": "Renderers can obtain access to random bluetooth device without permission in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 13.6.6"
},
{
"version_value": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
},
{
"version_value": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
},
{
"version_value": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"name": "https://github.com/electron/electron/pull/32178",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32178"
},
{
"name": "https://github.com/electron/electron/pull/32240",
"refsource": "MISC",
"url": "https://github.com/electron/electron/pull/32240"
}
]
},
"source": {
"advisory": "GHSA-3p22-ghq8-v749",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21718",
"datePublished": "2022-03-22T16:25:12",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-03T02:53:35.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15174
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0-beta.0, \u003c 8.5.1"
},
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c 9.3.0"
},
{
"status": "affected",
"version": "\u003e= 10.0.0-beta.0, \u003c 10.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T17:35:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
}
],
"source": {
"advisory": "GHSA-2q4g-w47c-4674",
"discovery": "UNKNOWN"
},
"title": "Unpreventable top-level navigation in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15174",
"STATE": "PUBLIC",
"TITLE": "Unpreventable top-level navigation in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.1"
},
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.0"
},
{
"version_value": "\u003e= 10.0.0-beta.0, \u003c 10.0.1"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
},
{
"name": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b",
"refsource": "MISC",
"url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
}
]
},
"source": {
"advisory": "GHSA-2q4g-w47c-4674",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15174",
"datePublished": "2020-10-06T17:35:13",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44402
Vulnerability from cvelistv5
Published
2023-12-01 21:45
Modified
2024-08-02 20:07
Severity ?
EPSS score ?
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85 | x_refsource_CONFIRM | |
| https://github.com/electron/electron/pull/39788 | x_refsource_MISC | |
| https://www.electronjs.org/docs/latest/tutorial/fuses | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.24"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c= 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0-alpha.1, \u003c 24.8.3"
},
{
"status": "affected",
"version": "\u003e= 25.0.0-alpha.1, \u003c 25.8.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-alpha.1, \u003c 26.2.1"
},
{
"status": "affected",
"version": "\u003e= 27.0.0-alpha.1, \u003c 27.0.0-alpha.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-01T21:45:18.379Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"name": "https://github.com/electron/electron/pull/39788",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"source": {
"advisory": "GHSA-7m48-wc93-9g85",
"discovery": "UNKNOWN"
},
"title": "ASAR Integrity bypass via filetype confusion in electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-44402",
"datePublished": "2023-12-01T21:45:18.379Z",
"dateReserved": "2023-09-28T17:56:32.615Z",
"dateUpdated": "2024-08-02T20:07:33.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000136
Vulnerability from cvelistv5
Published
2018-03-23 19:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.electronjs.org/blog/webview-fix | x_refsource_MISC | |
| https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/blog/webview-fix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-03-11T00:00:00",
"datePublic": "2018-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-14T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/blog/webview-fix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "3/11/2018 1:47:04",
"ID": "CVE-2018-1000136",
"REQUESTER": "security@electronjs.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.electronjs.org/blog/webview-fix",
"refsource": "MISC",
"url": "https://www.electronjs.org/blog/webview-fix"
},
{
"name": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/",
"refsource": "MISC",
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000136",
"datePublished": "2018-03-23T19:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T12:33:49.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15215
Vulnerability from cvelistv5
Published
2020-10-06 18:00
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
},
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
},
{
"status": "affected",
"version": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
},
{
"status": "affected",
"version": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T18:00:17",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"source": {
"advisory": "GHSA-56pc-6jqp-xqj8",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15215",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
},
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
},
{
"version_value": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
},
{
"version_value": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
]
},
"source": {
"advisory": "GHSA-56pc-6jqp-xqj8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15215",
"datePublished": "2020-10-06T18:00:17",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4076
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | x_refsource_MISC | |
| https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"status": "affected",
"version": "\u003c 7.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T00:05:21",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
}
],
"source": {
"advisory": "GHSA-m93v-9qjc-3g79",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via leaked cross-context objects in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4076",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass via leaked cross-context objects in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"version_value": "\u003c 7.2.4"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
}
]
},
"source": {
"advisory": "GHSA-m93v-9qjc-3g79",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4076",
"datePublished": "2020-07-07T00:05:21",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36077
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:52:00.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= v21.0.0-nightly.20220526, \u003c 21.0.0-beta.1"
},
{
"status": "affected",
"version": "\u003e= 20.0.0-beta.1, \u003c 20.0.1"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-beta.1, \u003c 19.0.11"
},
{
"status": "affected",
"version": "\u003c 18.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-08T00:00:00",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"source": {
"advisory": "GHSA-p2jh-44qj-pf2v",
"discovery": "UNKNOWN"
},
"title": "Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-36077",
"datePublished": "2022-11-08T00:00:00",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:52:00.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4075
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | x_refsource_MISC | |
| https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"status": "affected",
"version": "\u003c 7.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "{\"CWE-552\":\"Files or Directories Accessible to External Parties\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T00:05:28",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
}
],
"source": {
"advisory": "GHSA-f9mq-jph6-9mhm",
"discovery": "UNKNOWN"
},
"title": "Arbitrary file read via window-open IPC in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4075",
"STATE": "PUBLIC",
"TITLE": "Arbitrary file read via window-open IPC in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"version_value": "\u003c 7.2.4"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-552\":\"Files or Directories Accessible to External Parties\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
}
]
},
"source": {
"advisory": "GHSA-f9mq-jph6-9mhm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4075",
"datePublished": "2020-07-07T00:05:28",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23623
Vulnerability from cvelistv5
Published
2023-09-06 20:16
Modified
2024-09-26 17:48
Severity ?
EPSS score ?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "electron",
"vendor": "atom",
"versions": [
{
"lessThan": "22.0.1",
"status": "affected",
"version": "22.0.0_beta.1",
"versionType": "custom"
},
{
"lessThan": "23.0.0_alpha.2",
"status": "affected",
"version": "23.0.0_alpha.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:45:10.379594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:48:22.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0-beta.1, \u003c 22.0.1"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-alpha.1, \u003c 23.0.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:16:10.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"source": {
"advisory": "GHSA-gxh7-wv9q-fwfr",
"discovery": "UNKNOWN"
},
"title": "Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23623",
"datePublished": "2023-09-06T20:16:10.381Z",
"dateReserved": "2023-01-16T17:07:46.243Z",
"dateUpdated": "2024-09-26T17:48:22.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29257
Vulnerability from cvelistv5
Published
2022-06-13 21:25
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"status": "affected",
"version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T21:25:09",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
},
"title": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29257",
"STATE": "PUBLIC",
"TITLE": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 15.5.5"
},
{
"version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
},
{
"version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
},
{
"version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
]
},
"source": {
"advisory": "GHSA-77xc-hjv8-ww97",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-29257",
"datePublished": "2022-06-13T21:25:10",
"dateReserved": "2022-04-13T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-15685
Vulnerability from cvelistv5
Published
2018-08-23 05:00
Modified
2024-08-05 10:01
Severity ?
EPSS score ?
Summary
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/45272/ | exploit, x_refsource_EXPLOIT-DB | |
| https://electronjs.org/blog/web-preferences-fix | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45272/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://electronjs.org/blog/web-preferences-fix"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and \"nativeWindowOpen: true\" or \"sandbox: true\" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45272",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45272/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://electronjs.org/blog/web-preferences-fix"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and \"nativeWindowOpen: true\" or \"sandbox: true\" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45272",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45272/"
},
{
"name": "https://electronjs.org/blog/web-preferences-fix",
"refsource": "MISC",
"url": "https://electronjs.org/blog/web-preferences-fix"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15685",
"datePublished": "2018-08-23T05:00:00",
"dateReserved": "2018-08-21T00:00:00",
"dateUpdated": "2024-08-05T10:01:54.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15096
Vulnerability from cvelistv5
Published
2020-07-07 00:10
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | x_refsource_MISC | |
| https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.1"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.4"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"status": "affected",
"version": "\u003e=9.0.0-beta.0, \u003c 9.0.0-beta.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T00:10:13",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
}
],
"source": {
"advisory": "GHSA-6vrv-94jv-crrg",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via Promise in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15096",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass via Promise in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003c 6.1.1"
},
{
"version_value": "\u003e= 7.0.0, \u003c 7.2.4"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"version_value": "\u003e=9.0.0-beta.0, \u003c 9.0.0-beta.21"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
}
]
},
"source": {
"advisory": "GHSA-6vrv-94jv-crrg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15096",
"datePublished": "2020-07-07T00:10:13",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:22.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16151
Vulnerability from cvelistv5
Published
2018-06-07 02:00
Modified
2024-09-16 16:54
Severity ?
EPSS score ?
Summary
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix | x_refsource_MISC | |
| https://nodesecurity.io/advisories/539 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | electron node module |
Version: < 1.6.14 || >= 1.7.0 < 1.7.8 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:20:04.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-07T01:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron node module",
"version": {
"version_data": [
{
"version_value": "\u003c 1.6.14 || \u003e= 1.7.0 \u003c 1.7.8"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
"refsource": "MISC",
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"name": "https://nodesecurity.io/advisories/539",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16151",
"datePublished": "2018-06-07T02:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T16:54:03.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-4077
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Severity ?
EPSS score ?
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g | x_refsource_CONFIRM | |
| https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"status": "affected",
"version": "\u003c 7.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T00:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"source": {
"advisory": "GHSA-h9jc-284h-533g",
"discovery": "UNKNOWN"
},
"title": "Context isolation bypass via contextBridge in Electron",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4077",
"STATE": "PUBLIC",
"TITLE": "Context isolation bypass via contextBridge in Electron"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "electron",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.2.4"
},
{
"version_value": "\u003c 7.2.4"
}
]
}
}
]
},
"vendor_name": "electron"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-501 Trust Boundary Violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
},
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
]
},
"source": {
"advisory": "GHSA-h9jc-284h-533g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4077",
"datePublished": "2020-07-07T00:05:16",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-39956
Vulnerability from cvelistv5
Published
2023-09-06 20:09
Modified
2024-09-26 15:17
Severity ?
EPSS score ?
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:18:10.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:44:20.784199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:17:59.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 22.3.19"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.3.13"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c 24.7.1"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c 25.4.1"
},
{
"status": "affected",
"version": "\u003e= 26.0.0-beta.1, \u003c 26.0.0-beta.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:09:33.185Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"source": {
"advisory": "GHSA-7x97-j373-85x5",
"discovery": "UNKNOWN"
},
"title": "Electron: Out-of-package code execution when launched with arbitrary cwd"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-39956",
"datePublished": "2023-09-06T20:09:33.185Z",
"dateReserved": "2023-08-07T16:27:27.075Z",
"dateUpdated": "2024-09-26T15:17:59.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-07-07 00:15
Modified
2024-11-21 05:32
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
9.0 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
9.0 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79 | Third Party Advisory | |
| security-advisories@github.com | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A476AD-CF63-41DE-8B71-7CB8CB828BA7",
"versionEndExcluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
},
{
"lang": "es",
"value": "En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisi\u00f3n de aislamiento de contexto. El c\u00f3digo que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto Electron aislado y llevar a cabo acciones privilegiadas. Las aplicaciones que usan contextIsolation est\u00e1n afectadas. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4"
}
],
"id": "CVE-2020-4076",
"lastModified": "2024-11-21T05:32:15.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T00:15:10.590",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 22:15
Modified
2024-11-21 06:58
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8B47CB-180C-4491-89D5-7682B45C06FF",
"versionEndExcluding": "15.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B9A5F4-98BD-4C71-8971-7A2ED187B155",
"versionEndExcluding": "16.2.0",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4978EA-362E-46C8-A56B-4F4B47237C05",
"versionEndExcluding": "17.2.0",
"versionStartIncluding": "17.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DCBD6783-12BE-4D63-B403-188943FB4F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "989D1505-66D5-4855-A8FA-58F9566FF7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E6C15DE2-CA55-4A42-8D64-C44068B24B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2A4E764B-39E3-4C93-8F7F-1ACFA66FA51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "B67FFDE1-21D0-412E-95FB-D86A350EC9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04F71865-1B3E-4882-B316-87AEAEB84A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "CF914799-7DA1-4B93-9445-1DFCD72D6A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "3DE7DE50-D9B1-48D9-A8F8-2DF34B80BC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "2E8C22CB-3247-47F9-8E54-F694437090ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2C8C94BE-5D08-4563-AF15-5FC06BB679AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "987FAB5C-E1EC-4831-9AA0-FAD35A376584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FAF77E7D-D445-480D-BEBF-A071B58475C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "570418D1-09E9-4A39-8F19-D4ABC1788983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4D0F4031-84D6-4E8D-AED5-D8C1E5ED3CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "F2B316FE-6214-46FA-88FF-F684DD3D53C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "D8FA77A9-A4AF-404A-B144-97A3CE679444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6A9DB6A0-6C09-44F9-A76B-7600E9B44CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "470F4DB3-4AB0-402F-A18C-22A430993F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "11BEDA0E-71FE-4D37-B06F-FA4B281CD970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "05B3D931-5802-471E-AE40-9282CC03E4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "56721A2E-45B2-4D19-B25D-DD8628185B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "577CBB14-4AEF-4CF2-B203-88055A68810D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "16A23DCC-2355-4431-A452-40BC95D3164E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5, permite a atacantes que presentan el control de un determinado servidor de actualizaci\u00f3n de aplicaciones / almacenamiento de actualizaciones servir paquetes de actualizaci\u00f3n maliciosamente dise\u00f1ados que pasan la comprobaci\u00f3n de comprobaci\u00f3n de la firma de c\u00f3digo pero que contienen c\u00f3digo malicioso en algunos componentes. Este tipo de ataque requerir\u00eda privilegios significativos en la propia infraestructura de actualizaci\u00f3n autom\u00e1tica de una v\u00edctima potencial y la facilidad de ese ataque depende totalmente de la seguridad de la infraestructura de la v\u00edctima potencial. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una correcci\u00f3n para este problema. No se presentan mitigaciones conocidas"
}
],
"id": "CVE-2022-29257",
"lastModified": "2024-11-21T06:58:49.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T22:15:08.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-23 19:29
Modified
2024-11-21 03:39
Severity ?
Summary
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.electronjs.org/blog/webview-fix | Mitigation, Patch, Vendor Advisory | |
| cve@mitre.org | https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/blog/webview-fix | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 2.0.0 | |
| electronjs | electron | 2.0.0 | |
| electronjs | electron | 2.0.0 | |
| electronjs | electron | 2.0.0 | |
| electronjs | electron | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A61CF72D-4323-4882-9B56-55692C54017D",
"versionEndIncluding": "1.7.12",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B835C5A9-9EC8-4C80-9192-6FD67C9527E9",
"versionEndIncluding": "1.8.3",
"versionStartExcluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88957B05-406B-4789-AD31-B9D82A1C56DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "88C71615-EFCF-41C6-AEEE-4D4C0AC8C8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EDDC6B3D-1ABD-4F15-BF25-C2C41507A1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "D4E2CC9C-22C9-471E-986F-B4C325EF5017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "3E1A9F01-84AC-45D8-AC93-03DB8EE27CE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4."
},
{
"lang": "es",
"value": "Electron, en versiones desde la 1.7 hasta la 1.7.12, desde la 1.8 hasta la 1.8.3 y desde la 2.0.0 hasta la 2.0.0-beta.3, contiene una vulnerabilidad de gesti\u00f3n incorrecta de valores en Webviews que puede dar como resultado la ejecuci\u00f3n remota de c\u00f3digo. Parece que este ataque puede ser explotable mediante una app que permite la ejecuci\u00f3n de c\u00f3digo de terceros, no acepta la integraci\u00f3n de nodos y no especifica si la vista web est\u00e1 habilitada o deshabilitada. Esta vulnerabilidad parece haber sido solucionada en las versiones 1.7.13, 1.8.4, 2.0.0-beta.4."
}
],
"id": "CVE-2018-1000136",
"lastModified": "2024-11-21T03:39:45.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-23T19:29:00.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/blog/webview-fix"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/blog/webview-fix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 21:15
Modified
2024-11-21 07:56
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 24.0.0 | |
| electronjs | electron | 25.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1C14CCD1-146F-4A22-B093-C9FEC8047E91",
"versionEndExcluding": "22.3.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "B080AD66-1912-4AD2-BE21-B69935B4F04D",
"versionEndExcluding": "23.2.3",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "2635DE47-9315-4D0D-BA52-215D97A09BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "800543E5-0E06-4E9B-A18D-9857524244D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "47E4540B-0EAE-41B8-878F-F22C3BDF0FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "05448824-0FA1-41DF-938F-0FC5D82C9FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "FDB7E385-A58F-4B91-B7EE-75475D65038C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2ADACB20-163D-4BE0-AFD9-D93A5D58A910",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "8EEBC95D-093C-49BE-A309-DE544BCD698C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "501BF9A9-4EC1-485F-953B-E129252FC9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8F28A9E8-D1CD-476F-9BF7-F205B1FCDBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "19F9825C-3265-411E-96E0-1C470D4F6830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "7CD55BDC-94ED-4ED8-905C-3AFBAB59AA63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "E65B67F6-3AA6-4E7C-9290-C71A8CCB9A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "CC14A98C-9410-42A2-A71B-DC73C3855901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "01B7E19C-F35A-4EAD-9640-926EE76E5FB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:24.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "509E7716-E3DB-4ABF-820D-514DEE59F251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:25.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "4F2529F8-84AF-4F04-BD1A-3C4A2AF49B6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
},
{
"lang": "es",
"value": "Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Las aplicaciones de Electron que usan `contextIsolation` y `contextBridge` se ven afectadas. Se trata de una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto mundial principal en el renderizador puede acceder al contexto aislado de Electron y realizar acciones privilegiadas. Este problema solo se puede explotar si una API expuesta al mundo principal a trav\u00e9s de `contextBridge` puede devolver un objeto o matriz que contenga un objeto javascript que no se pueda serializar, por ejemplo, un contexto de representaci\u00f3n de lienzo. Esto normalmente dar\u00eda como resultado que se lanzara una excepci\u00f3n \"Error: el objeto no se pudo clonar\". El workaround del lado de la aplicaci\u00f3n es garantizar que tal caso no sea posible. Aseg\u00farese de que todos los valores devueltos por una funci\u00f3n expuesta a trav\u00e9s del puente de contexto sean compatibles. Este problema se solucion\u00f3 en las versiones `25.0.0-alpha.2`, `24.0.1`, `23.2.3` y `22.3.6`."
}
],
"id": "CVE-2023-29198",
"lastModified": "2024-11-21T07:56:41.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:11.560",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-06 18:15
Modified
2024-11-21 05:05
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L
Summary
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC7932C-69B7-49B9-820F-3B94EC01F885",
"versionEndExcluding": "8.5.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31009479-D311-46F3-80FB-66D67884BADC",
"versionEndExcluding": "9.3.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "999A166F-06ED-42E8-BA49-61F4120C6893",
"versionEndExcluding": "10.0.1",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."
},
{
"lang": "es",
"value": "En Electron anteriores a las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1, el evento \"will-navigate\" que usa las aplicaciones para evitar la navegaci\u00f3n a destinos inesperados seg\u00fan nuestras recomendaciones de seguridad se puede omitir cuando una sub-frame realiza una navegaci\u00f3n top-frame a trav\u00e9s de los sitios.\u0026#xa0;El problema est\u00e1 parcheado en las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1. Como una soluci\u00f3n temporal, todos sus iframes utilizan el atributo sandbox.\u0026#xa0;Esto impedir\u00e1 que creen navegaciones top-frame y es una buena pr\u00e1ctica de todos modos"
}
],
"id": "CVE-2020-15174",
"lastModified": "2024-11-21T05:05:00.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-06T18:15:14.283",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-01 22:15
Modified
2024-11-21 08:25
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 | |
| electronjs | electron | 27.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "6006372D-2948-4C30-9A18-9C5519423031",
"versionEndIncluding": "22.3.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "5FDAA109-329D-474B-9D23-8EFF99774F76",
"versionEndIncluding": "23.3.14",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2164B3AC-FCFB-4D1B-9963-8E697F2C3A42",
"versionEndIncluding": "24.8.3",
"versionStartIncluding": "24.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2A10085B-F308-4465-B350-B57CFF2664FD",
"versionEndIncluding": "25.8.1",
"versionStartIncluding": "25.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "834EBAA7-160F-48CE-889A-D0D764EB6AB8",
"versionEndIncluding": "26.2.1",
"versionStartIncluding": "26.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "6AE1C9EE-76CF-406C-96E4-3BC2F84A1CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "79F654E8-C55B-43D3-8583-7918F830934B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "39B4D77B-02AE-4ED1-BA12-F147FAAD5C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "AE44F8C9-B82B-4150-9491-AA9FDCF355F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "2D68602C-470C-4278-B282-F4F992F349B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:27.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "F930816D-73B0-4FF9-B7C2-E5F1C83F88E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
},
{
"lang": "es",
"value": "Electron es un framework de c\u00f3digo abierto para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Esto solo afecta a las aplicaciones que tienen habilitados los fusibles \"embeddedAsarIntegrityValidation\" y \"onlyLoadAppFromAsar\". Las aplicaciones sin estos fusibles habilitados no se ven afectadas. Este problema es espec\u00edfico de macOS, ya que actualmente estos fusibles solo son compatibles con macOS. Espec\u00edficamente, este problema solo puede explotarse si su aplicaci\u00f3n se inicia desde un sistema de archivos en el que el atacante tambi\u00e9n tiene acceso de escritura, es decir, la capacidad de editar archivos dentro del paquete `.app` en macOS contra el cual se supone que protegen estos fusibles. No existen workarounds en la aplicaci\u00f3n; debe actualizar a una versi\u00f3n parcheada de Electron."
}
],
"id": "CVE-2023-44402",
"lastModified": "2024-11-21T08:25:49.847",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-01T22:15:09.970",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/electron/electron/pull/39788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-23 05:29
Modified
2024-11-21 03:51
Severity ?
Summary
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://electronjs.org/blog/web-preferences-fix | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/45272/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://electronjs.org/blog/web-preferences-fix | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/45272/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | 1.7.15 | |
| electronjs | electron | 1.8.7 | |
| electronjs | electron | 2.0.7 | |
| electronjs | electron | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:1.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6C2A25-24A6-400A-B6D2-FA01C87C71BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AC2C2A-6BB8-409E-A84C-7AFB32C86177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AE8109-C570-4F29-9CC8-3D28B52BBFDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:3.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "9AC39061-A73E-4A36-900E-9E07874549EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and \"nativeWindowOpen: true\" or \"sandbox: true\" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution."
},
{
"lang": "es",
"value": "GitHub Electron 1.7.15, 1.8.7, 2.0.7, y 3.0.0-beta.6, en determinados escenarios que incluyen elementos de IFRAME y opciones \"nativeWindowOpen: true\" o \"sandbox: true\", se ve afectado por una vulnerabilidad de WebPreferences que puede aprovecharse para realizar la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2018-15685",
"lastModified": "2024-11-21T03:51:16.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-23T05:29:00.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://electronjs.org/blog/web-preferences-fix"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45272/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://electronjs.org/blog/web-preferences-fix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45272/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 00:15
Modified
2024-11-21 05:04
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Summary
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg | Third Party Advisory | |
| security-advisories@github.com | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2EC9F8A-F7E4-4232-AE3D-8C832272F912",
"versionEndExcluding": "6.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A476AD-CF63-41DE-8B71-7CB8CB828BA7",
"versionEndExcluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
},
{
"lang": "es",
"value": "En Electron antes de las versiones 6.1.1, 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisi\u00f3n de aislamiento de contexto, quiere decir que el c\u00f3digo que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto de Electron aislado y llevar a cabo acciones privilegiadas. Las aplicaciones que usan \"contextIsolation\" est\u00e1n afectadas. No existen soluciones alternativas para la aplicaci\u00f3n, deben actualizar su versi\u00f3n de Electron para estar protegidos. Esto es corregido en las versiones 6.1.1, 7.2.4, 8.2.4 y 9.0.0-beta21"
}
],
"id": "CVE-2020-15096",
"lastModified": "2024-11-21T05:04:48.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T00:15:10.417",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-28 19:15
Modified
2024-11-21 05:19
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8DEA8B-C7B1-4255-8EB4-60EF9660CB6C",
"versionEndExcluding": "9.4.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDE1D62-9F3E-41E3-8C5D-C5A200A280A4",
"versionEndExcluding": "10.2.0",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01855BDD-98F7-4577-AA6D-B1776EAF9AA5",
"versionEndExcluding": "11.1.0",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "B8453EF9-E063-4398-A637-E70AEA0FC4D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "3FFBA70C-CEBE-425D-ABF7-4FF070BE1DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "A66951CF-8088-4A74-9E40-1145B3695C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "C4A7E569-0B63-4458-93A9-DC1BF3F708C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FA231DB9-14E3-4BF4-88B6-3AE122993CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D3101022-9B4D-4ABC-8D9A-1B8C74265567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "CB419AE9-5DFA-41D9-AB2C-C3CF18F1F08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "94A9223E-5B13-4A02-B16D-B6C7612745A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "BD90D1EB-DE25-4333-9029-CA8908271264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "3DED187D-2AE5-491C-94DE-5C44616DFE12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "980768C9-026E-4E03-AFE9-17C53B94D8FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "75049DEC-3563-47AA-9D2A-90C4879D2B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "C5643422-9C2C-4493-A9F1-370945A817C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "3108EE52-D993-4CDC-9BD3-2C206F49F61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "3B194A32-4E7C-49E8-8C01-929FA26F7DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "0E07C2F2-1219-45BD-89B6-FB41D4A418F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "E44904CE-4107-44E0-8EEC-212B2F5CE561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "E88A6487-3293-4C46-BE5E-03BA641E0238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "A50A9FEF-50D9-4A6E-A232-6F652D606A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "EB9F6591-69DB-4777-9BB8-80E2EB7692BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "C4948E6E-916D-48BE-B238-95936BED449B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B6CCA15C-7957-4220-A3AB-085D503FF0C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7FA70916-C875-466C-8FDE-21E2464E6780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "7EDDB343-462D-4459-8F91-AF746399017D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "9A030AF7-8CEB-4C9B-AF89-08B30510813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "6F63EB74-D040-4965-8987-6550559A9A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "66D5722B-D0DD-439D-B3F8-F5810B26F5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "72ED1AF8-FB97-4B42-BB4D-43294E5D3B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6C743A41-E619-402A-AEDA-2994DC69B3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "103E66D7-6EF4-4E5E-BFAD-9F223E2F10A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue."
},
{
"lang": "es",
"value": "El framework Electron le permite escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS.\u0026#xa0;En las versiones afectadas de Electron IPC, los mensajes enviados desde el proceso principal a una subtrama en el proceso de renderizado, por medio de webContents.sendToFrame, event.reply o cuando se usa el m\u00f3dulo remoto, en algunos casos pueden enviarse a la trama incorrecta.\u0026#xa0;Si su aplicaci\u00f3n usa remoto, llama a webContents.sendToFrame, o llama a event.reply en un manejador de mensajes de IPC, entonces se ve afectado por este problema.\u0026#xa0;Esto se ha corregido en las versiones 9.4.0, 10.2.0, 11.1.0 y 12.0.0-beta.9.\u0026#xa0;No existen soluciones para este problema"
}
],
"id": "CVE-2020-26272",
"lastModified": "2024-11-21T05:19:43.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T19:15:13.003",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/26875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/releases/tag/v9.4.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 00:15
Modified
2024-11-21 05:32
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g | Third Party Advisory | |
| security-advisories@github.com | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A476AD-CF63-41DE-8B71-7CB8CB828BA7",
"versionEndExcluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
},
{
"lang": "es",
"value": "En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisi\u00f3n de aislamiento de contexto. El c\u00f3digo que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto Electron aislado y llevar a cabo acciones privilegiadas. Las aplicaciones que usan tanto \"contextIsolation\" como \"contextBridge\" est\u00e1n afectadas. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4"
}
],
"id": "CVE-2020-4077",
"lastModified": "2024-11-21T05:32:15.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T00:15:10.700",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-501"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-06 18:15
Modified
2024-11-21 05:05
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6F890386-0034-4831-88D2-FDAFCD7F0E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "CAE00E66-4F55-4A96-9AF6-DF0212A57052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B080C8F3-3715-4FB1-AFB0-D43D498AC010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF0D930E-1018-46EB-8002-C73A97EF902D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "ED9C844C-14ED-4371-BE21-16EC7F7824E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF26C943-D81E-45EA-902D-62C9973AC8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "907D7F4B-BFA1-43D7-87A7-771D8CAA5637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "B8B505B2-E756-4621-80F8-D59B0AB567BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "AF99DB03-5FC2-4FD9-9C18-F18F03FC7A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "21851053-E851-4B7D-924F-602077DFE071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B48F49CE-4D63-454A-92B0-51655F5473A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B07BDAF8-F28F-4B1C-B135-BDB0322289D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "9E19D2FD-F800-4966-A3F8-11FC843089BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "11F9629D-D8EB-418A-BDD4-AF21034CF665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "9A97B7D2-5A5A-4C2F-9926-0CFAEA12D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0E4FD779-32BF-43E0-99F0-C6B3E084D83D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D4010776-46D9-4E73-B2BC-6A736E0D192D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "68C4E052-46E3-4152-B95A-A8C26330AA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "F03D63BE-0BB0-4492-9CED-AB97454257D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "68489F71-36D5-4947-94CF-740D70028948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "14AC17C6-3780-4779-A95A-1DAAD799FE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.2.5:-:*:*:*:*:*:*",
"matchCriteriaId": "E0B61270-F062-4286-BFE4-D90251264B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97237970-8734-45F5-A77C-71E9189FEB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "7482B3C9-3568-4E7F-B4B9-85E1ABD96A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5D4D6ACF-8EB1-4058-9052-055C151D066E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "3A9B536A-1CDD-414C-8C49-11466C7A131A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.3.4:-:*:*:*:*:*:*",
"matchCriteriaId": "43C61192-2258-466B-B222-225C99983355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D3D2AA53-DCC7-40F9-9BA6-BC27B73EACC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.4.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B022C207-380A-4D1F-B710-F97AD68EB62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CA36A42A-5DFE-4A92-B9E9-E2FAB651439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:8.5.1:-:*:*:*:*:*:*",
"matchCriteriaId": "75B4DDBC-A3B3-4A5A-9D13-177D8E7459CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "935D2315-3FF2-4402-8A83-A7362939E7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "E9F2D5B4-8BE8-4225-ABE7-385E6E796EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "EC5FA64D-C502-43B2-AE3A-60900B938441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "994B6421-EFF6-43E6-AF93-1ED493DD33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.4:-:*:*:*:*:*:*",
"matchCriteriaId": "EFD0253D-47B6-4412-B1F4-4AD53636C903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.5:-:*:*:*:*:*:*",
"matchCriteriaId": "96EDD4F1-A756-4937-A792-FFA60774F131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.6:-:*:*:*:*:*:*",
"matchCriteriaId": "7C0AAB78-7E51-4E68-A64F-3E65346B87F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CF98CC1-9B45-463A-B342-763B2B35FCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AC3A997F-4F2A-461E-A740-EF740F427034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "203B5D41-86AE-4EB1-9623-201CE0259E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A6BA120D-1953-470A-9022-8C1365FDA033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "0A544F21-ABCA-41A5-9D7A-0D19B2E3E41C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "6E3FB9AC-A471-461C-9C2D-3FEA3487A8F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F91413A0-0820-4714-BF94-16FC961CC9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "5EF21A1C-3BDF-40CB-9BAD-9192BBC845C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "54D63BBE-11E5-4E25-BFF3-368653FAD8C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "70F61C9A-104E-47E3-A46D-198651075460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "56DE863F-2D6B-482D-9445-3AA76DCD9B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C1480FDF-4A57-4C08-A497-69010747562D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:10.1.1:-:*:*:*:*:*:*",
"matchCriteriaId": "37690A80-D6EC-40FA-ADE2-55B4011FB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "EE8836CC-F620-4C83-A398-D2068FECB5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E8D7AA38-6CE2-4DEC-85BE-6329F37800FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
},
{
"lang": "es",
"value": "Electron anteriores a las versiones 11.0.0-beta.6, 10.1.2, 9.3.1 o 8.5.2, es vulnerable a una omisi\u00f3n de aislamiento de contexto.\u0026#xa0;Las aplicaciones que usan tanto \"contextIsolation\" como \"sandbox: true\" est\u00e1n afectadas.\u0026#xa0;Las aplicaciones que usan \"contextIsolation\" y \"nodeIntegrationInSubFrames: true\" est\u00e1n afectadas.\u0026#xa0;Esta es una omisi\u00f3n de aislamiento de contexto, lo que significa que el c\u00f3digo que se ejecuta en el contexto main world en el renderizador puede llegar al contexto de Electron aislado y realizar acciones privilegiadas"
}
],
"id": "CVE-2020-15215",
"lastModified": "2024-11-21T05:05:06.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-06T18:15:14.797",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
},
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-12 19:15
Modified
2024-11-21 06:18
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one's app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/pull/30728 | Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/30728 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4 | Mitigation, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED24D03-59B2-4E91-B807-7BD1B09D8389",
"versionEndExcluding": "11.5.0",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DE5DF76-68D8-4E5F-8916-6F3F7140E7EE",
"versionEndExcluding": "12.1.0",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56BC24C9-C297-4D02-8601-B8F37449350B",
"versionEndExcluding": "13.3.0",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3152223A-E182-45F8-87EC-264B2DDD4B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D2007F6E-ECCB-4A7B-A4B6-24104A8D8AB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "7134F6E7-427F-4187-B94B-1B1C1B1FE73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "82F84AAE-AD55-4565-9D41-DCAFCAA5D0AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "D63A3C29-E6F0-41A3-838F-F7BFA893CF7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "4DD814A9-5A50-49EF-9053-B36B127D7AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "E0B813DB-A89D-48AD-A3F0-3D68AB7A087F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "C192B552-BE06-480C-86A7-59CC2291EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "CFDC76F2-A8CA-4063-A8DA-F63C04D70760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "98A43F4A-ED19-47D4-B4F9-7BC769E2F7F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "DDB7F3FF-CDFF-4E23-B2D1-EF0AC8C75D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "430C057D-8574-44DB-B8A4-8ECD9BBA6B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "2CF66D1F-77B6-4A5E-AD93-921FF2FC3309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "871B25E4-F705-491D-842E-3D79B9351DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "2A59303D-7105-44E5-A91F-CBEF2F672F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "B2E8CF66-C123-4A63-BE8D-90321FF8A348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "FEE680F3-CB4A-4298-A4B1-FDDE6BAB0896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "65DE71FB-0390-4D80-982E-D8709CD73573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "0CF035B4-FEF5-4D53-B975-CAF66ACA1860",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "88607FE5-5E91-4CD9-831A-2C353779BA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "DAE6B51E-F47B-48F5-8249-C958E85AE708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "65B43BEC-8941-4587-A7AA-000456568E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "69CBF166-FF15-4E1C-83C1-207C1F67A7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "0817340D-82C9-4D79-9FF3-36F13260542D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:14.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F20755C8-D323-4CF8-ACA0-199081610342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "FD9A6155-8B6B-4C1B-80CB-A26779559AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "F84883AD-A2C0-4075-BDB7-AAB8307DC099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "028E4C03-4A98-4311-8A19-825035C8EB14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "78FAAB9C-73D0-4DBC-B78F-293D75FDFC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "9709716E-896F-430E-9C5F-F898B46256E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "669329B9-EA55-4FEC-8543-A8FA1C0733BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "99904BC0-56A9-405C-A4C3-BCE30B840DB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha8:*:*:*:*:*:*",
"matchCriteriaId": "755AE879-ACB3-450A-85B4-095E93CCF77A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:15.0.0:alpha9:*:*:*:*:*:*",
"matchCriteriaId": "37428807-70D6-496C-82A0-2084F2BC2D51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
},
{
"lang": "es",
"value": "Electron es un framework para escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS. Una vulnerabilidad en las versiones anteriores a 11.5.0, 12.1.0 y 13.3.0, permite que un renderizador en sandbox requiera una imagen \"thumbnail\" de un archivo arbitrario en el sistema del usuario. La miniatura puede incluir potencialmente partes significativas del archivo original, incluyendo datos textuales en muchos casos. Las versiones 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0 y 11.5.0, contienen una correcci\u00f3n de la vulnerabilidad. Se presentan dos soluciones disponibles aparte de la actualizaci\u00f3n. Uno puede hacer que la vulnerabilidad sea significativamente m\u00e1s dif\u00edcil de explotar para un atacante al habilitar \"contextIsolation\" en la propia aplicaci\u00f3n. Tambi\u00e9n es posible deshabilitar la funcionalidad de la API \"createThumbnailFromPath\" si no es necesaria"
}
],
"id": "CVE-2021-39184",
"lastModified": "2024-11-21T06:18:49.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-12T19:15:07.987",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/30728"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/30728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-07 00:15
Modified
2024-11-21 05:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm | Third Party Advisory | |
| security-advisories@github.com | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 | |
| electronjs | electron | 9.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45",
"versionEndExcluding": "7.2.4",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31A476AD-CF63-41DE-8B71-7CB8CB828BA7",
"versionEndExcluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "87556FB9-4AEC-4C3A-8DF6-4480728C8605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
},
{
"lang": "es",
"value": "En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, una lectura arbitraria de archivos locales es posible al definir opciones de ventana no seguras en una ventana secundaria abierta por medio de window.open. Como soluci\u00f3n alternativa, aseg\u00farense de llamar a la funci\u00f3n \"event.preventDefault()\" en todos los eventos de ventanas nuevas donde la \"url\" u \"options\" no es algo que se espera. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4"
}
],
"id": "CVE-2020-4075",
"lastModified": "2024-11-21T05:32:15.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T00:15:10.513",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-08 07:15
Modified
2024-11-21 07:12
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on('will-redirect')` event, for all WebContents as a workaround.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| electronjs | electron | 21.0.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "138970C1-2C17-4B01-A90B-F9EE5A424B82",
"versionEndExcluding": "18.3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "4E2B9D0E-3F68-446E-BFB5-4D17045C741D",
"versionEndExcluding": "19.0.11",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A1B82270-2ECF-412D-B346-BA918EE4D690",
"versionEndExcluding": "20.0.1",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "4CDC3C50-9ECE-4908-8A40-892BDE3A6D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "276FABBA-8CF8-4F24-B564-E2B92313BEC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "DC332397-0312-4810-B793-5596CFA9CCF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "54A98448-0E15-4B53-8ABE-08FFA1421920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "46BFC0D2-1409-4FB3-8762-8250DC0D6B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "BCE9B3DE-2959-4BC5-81D4-8ACC7C974D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:21.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "77D8118B-0A0C-467A-B60A-29F1C9C1B964",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
},
{
"lang": "es",
"value": "El framework Electron permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. En versiones anteriores a 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7, Electron es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial. Al seguir una redirecci\u00f3n, Electron retrasa la verificaci\u00f3n de la redirecci\u00f3n a file:// URL desde otros esquemas. El contenido del archivo no est\u00e1 disponible para el renderizador despu\u00e9s de la redirecci\u00f3n, pero si el destino de la redirecci\u00f3n es una URL SMB como `file://some.website.com/`, en algunos casos, Windows se conectar\u00e1 a ese servidor e intente la autenticaci\u00f3n NTLM, que puede incluir el env\u00edo de credenciales hash. Este problema se solucion\u00f3 en las versiones: 21.0.0-beta.1, 20.0.1, 19.0.11 y 18.3.7. Se recomienda a los usuarios actualizar a la \u00faltima versi\u00f3n estable de Electron. Si no es posible realizar la actualizaci\u00f3n, este problema se puede solucionar sin realizar la actualizaci\u00f3n evitando las redirecciones a las URL file:// en el evento `WebContents.on(\u0027will-redirect\u0027)`, para todos los WebContents como workaround alternativo."
}
],
"id": "CVE-2022-36077",
"lastModified": "2024-11-21T07:12:19.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-08T07:15:09.347",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-07 02:29
Modified
2024-11-21 03:15
Severity ?
Summary
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "7EEDBBA6-CABB-4796-A747-E86973C6CC8B",
"versionEndExcluding": "1.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
},
{
"lang": "es",
"value": "En base a los detalles proporcionados por el equipo ElectronJS, se ha descubierto una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Google Chromium que afecta a todas las versiones recientes de Electron. Cualquier aplicaci\u00f3n de Electron que acceda a contenido remoto es vulnerable a este exploit, independientemente de si la [opci\u00f3n sandbox] (https://electron.atom.io/docs/api/sandbox-option) est\u00e1 habilitada."
}
],
"id": "CVE-2017-16151",
"lastModified": "2024-11-21T03:15:55.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-07T02:29:04.487",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Broken Link"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/539"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 21:15
Modified
2024-11-21 08:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 | |
| electronjs | electron | 26.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "876893B6-020E-4F0C-ADA8-0AAAFDFB3922",
"versionEndExcluding": "22.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3C0714E9-9092-49C0-AD01-F56AF468BA49",
"versionEndExcluding": "23.3.13",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "95DEED4B-F4E0-486B-B46B-4397519235EC",
"versionEndExcluding": "24.7.1",
"versionStartIncluding": "24.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "1BB069BB-C9A7-480C-A689-F83FC630534C",
"versionEndExcluding": "25.5.0",
"versionStartIncluding": "25.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "39BCC6D5-834D-4883-B7B8-89F7E67BC61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "EBEBCE23-C4FC-4EDC-BDC5-2FE8DB113EA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "84FBB241-6F29-49FD-897B-0A0DFDF884FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "A88CA9F8-D261-4386-89FF-619F485DF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "6C56F8DA-3DF0-41F0-AA2B-A6038F0F5C67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "8BA72227-F2E5-47FA-9A0E-15A7A4427633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "9EF46C92-82F7-4D80-BEA5-3E397E76EC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:alpha8:*:*:*:node.js:*:*",
"matchCriteriaId": "82F847A9-299A-4EF8-B132-538B25B3CC7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "AF7D1848-6965-4C53-8034-1927E36F51A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta10:*:*:*:node.js:*:*",
"matchCriteriaId": "513AF17A-CB29-4C15-831E-EA85A030CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta11:*:*:*:node.js:*:*",
"matchCriteriaId": "1A6182B1-2B14-4AD8-AE84-234399E57EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta12:*:*:*:node.js:*:*",
"matchCriteriaId": "25D4C39D-27FA-4463-8673-7FA542EC984F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "F204551A-6B2F-4C48-83F7-35B948B63CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "821BAF73-8B32-4659-B85D-C9E04A5E3FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "2A8A2C17-34D3-4726-A8F3-F122496AE57B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "B4A630C6-9D54-4D96-9D49-D4CAAE9EA5FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "F71F0038-5C57-498D-9FFB-804975C24C78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "1DA4DBAF-F34B-4788-AD0D-03A03008FB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "A6082EF5-BFE1-43EA-BCE9-A7420B50085C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:26.0.0:beta9:*:*:*:node.js:*:*",
"matchCriteriaId": "D31FA398-54AE-4162-9A0B-5CC367DBBF63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance. This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
},
{
"lang": "es",
"value": "\"Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Las aplicaciones de Electron que se inician como ejecutables de l\u00ednea de comandos se ven afectadas. Espec\u00edficamente, este problema solo puede explotarse si se cumplen las siguientes condiciones: \n1. La aplicaci\u00f3n se inicia con un directorio de trabajo controlado por el atacante y \n2. El atacante tiene la capacidad de escribir archivos en ese directorio de trabajo.\nEsto hace que el riesgo sea bastante bajo, de hecho, normalmente los problemas de este tipo se consideran fuera de nuestro modelo de amenaza, ya que son similares a Chromium y excluimos los ataques f\u00edsicamente locales, pero dada la capacidad de este problema para eludir ciertas protecciones como la Integridad ASAR, se est\u00e1 tratando con niveles m\u00e1s altos de importancia. Este problema se solucion\u00f3 en las versiones: `26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13` y `22.3.19`. No existen workarounds en la aplicaci\u00f3n, los usuarios deben actualizar a una versi\u00f3n parcheada de Electron.\""
}
],
"id": "CVE-2023-39956",
"lastModified": "2024-11-21T08:16:06.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:13.217",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-22 17:15
Modified
2024-11-21 06:45
Severity ?
3.4 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/pull/32178 | Issue Tracking, Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/pull/32240 | Issue Tracking, Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/32178 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/pull/32240 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749 | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4548B4FE-05C7-4B38-9BD9-F687DBFC0393",
"versionEndExcluding": "13.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A99CE214-CE9E-4241-B883-7201A737D111",
"versionEndExcluding": "14.2.4",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "619E557E-1349-4591-B668-A50BF968C28A",
"versionEndExcluding": "15.3.5",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B857C2-D1BD-4605-ABE1-497BDD5A4825",
"versionEndExcluding": "16.0.6",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "75600E5E-B4CB-4924-9CFD-E2877FFCCB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "AB42380B-2AE9-481E-BF57-1014E613D7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "4F76DDDC-1924-45C6-AB59-BD7BEA604098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "9C58C2CC-E9C0-4751-8254-41CFCDD24982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "E72DDD37-90EF-4517-8AEF-C3B584269C62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS. Una vulnerabilidad en las versiones anteriores a \"17.0.0-alpha.6\", \"16.0.6\", \"15.3.5\", \"14.2.4\" y \"13.6.6\" permite a renderizadores obtener acceso a un dispositivo bluetooth por medio de la API bluetooth de la web si la aplicaci\u00f3n no ha configurado un controlador de eventos personalizado \"select-bluetooth-device\". Esto ha sido parcheado y las versiones de Electron \"17.0.0-alpha.6\", \"16.0.6\", \"15.3.5\", \"14.2.4\" y \"13.6.6\" contienen la correcci\u00f3n. El c\u00f3digo del aviso de seguridad de GitHub puede a\u00f1adirse a la aplicaci\u00f3n para mitigar el problema"
}
],
"id": "CVE-2022-21718",
"lastModified": "2024-11-21T06:45:17.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-22T17:15:07.810",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32240"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/pull/32240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 21:15
Modified
2024-11-21 07:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 22.0.0 | |
| electronjs | electron | 23.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:-:*:*:*:node.js:*:*",
"matchCriteriaId": "EA67DC7F-0492-45A6-A585-C1F6BA8CB125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "8313BBF8-2C7B-471E-B379-E8F587EB4F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "9B73F495-8C0E-409E-86AC-2FC1A214AA9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "77E1E30F-0BAC-409B-B2D3-FF3B1FDCFE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "6C556804-A20C-4E9F-8F4D-8E824A0032D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "F0995881-8E6C-4B2C-9F3A-F10668916039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta6:*:*:*:node.js:*:*",
"matchCriteriaId": "EB9BD805-BAC9-425D-A590-28B0FB68C3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "197DA034-183C-4407-BD95-B610CBF980A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:22.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "D14A589D-E6F7-4ED7-A123-C83633AC2004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:23.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "8074214C-1787-46B6-A5CC-8DF31BC269EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
},
{
"lang": "es",
"value": "Electron es un framework que le permite escribir aplicaciones de escritorio multiplataforma utilizando JavaScript, HTML y CSS. Una pol\u00edtica de seguridad de contenido que deshabilita la evaluaci\u00f3n, espec\u00edficamente estableciendo una directiva `script-src` y _no_ proporcionando `unsafe-eval` en esa directiva, no se respeta en los renderizadores que tienen la zona de pruebas deshabilitada. es decir, `sandbox: false` en el objeto `webPreferences`. Esto permite el uso inesperado de m\u00e9todos como `eval()` y `new Function`, lo que puede resultar en una superficie de ataque ampliada. Este problema solo afect\u00f3 a las versiones principales 22 y 23 de Electron y se solucion\u00f3 en las \u00faltimas versiones de esas l\u00edneas de lanzamiento. Espec\u00edficamente, estas versiones contienen las correcciones: 22.0.1 y 23.0.0-alpha.2. Recomendamos que todas las aplicaciones actualicen a la \u00faltima versi\u00f3n estable de Electron. Si no es posible realizar la actualizaci\u00f3n, este problema se puede solucionar sin realizar la actualizaci\u00f3n habilitando `sandbox: true` en todos los renderizadores.\n"
}
],
"id": "CVE-2023-23623",
"lastModified": "2024-11-21T07:46:33.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:08.977",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-07 14:29
Modified
2024-11-21 03:39
Severity ?
Summary
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://electronjs.org/releases#1.8.2-beta.5 | Third Party Advisory | |
| cve@mitre.org | https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://electronjs.org/releases#1.8.2-beta.5 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | 1.8.2 | |
| electronjs | electron | 1.8.2 | |
| electronjs | electron | 1.8.2 | |
| electronjs | electron | 1.8.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0458636-0B6B-4889-9D21-903FFD804AB2",
"versionEndIncluding": "1.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:1.8.2:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "0DA5324C-DCED-4882-AA8F-D44B46A83DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:1.8.2:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "4A3F4B2F-0EDE-4934-8CD7-5AB9F02415ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:1.8.2:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "238ED1DD-4611-4642-A6AB-75A846863F98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:1.8.2:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "7815826A-9DBD-45F6-B2FF-5CDCF3D1D710",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it."
},
{
"lang": "es",
"value": "Github Electron en su versi\u00f3n Electron 1.8.2-beta.4 y anteriores, contiene una vulnerabilidad de inyecci\u00f3n de comandos en el manipulador de protocolos que puede resultar en la ejecuci\u00f3n de comandos. El ataque parece ser explotable cuando una v\u00edctima abre un manipulador de protocolo electron en su navegador. La vulnerabilidad parece haber sido solucionada en Electron 1.8.2-beta.5. El problema se debe a una soluci\u00f3n incompleta para CVE-2018-1000006; espec\u00edficamente la lista negra empleada no era sensible a may\u00fasculas, lo que permite que un atacante pueda omitirla."
}
],
"id": "CVE-2018-1000118",
"lastModified": "2024-11-21T03:39:41.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-07T14:29:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://electronjs.org/releases#1.8.2-beta.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-13 21:15
Modified
2024-11-21 06:58
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | * | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 16.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 17.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 | |
| electronjs | electron | 18.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3846F-57BE-4ABE-A656-CA28FD62BA62",
"versionEndExcluding": "15.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3F2F40-BD84-4541-B5B3-5DC5DC3AEC24",
"versionEndExcluding": "16.2.6",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4978EA-362E-46C8-A56B-4F4B47237C05",
"versionEndExcluding": "17.2.0",
"versionStartIncluding": "17.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "DCBD6783-12BE-4D63-B403-188943FB4F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "989D1505-66D5-4855-A8FA-58F9566FF7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E6C15DE2-CA55-4A42-8D64-C44068B24B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "2A4E764B-39E3-4C93-8F7F-1ACFA66FA51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "B67FFDE1-21D0-412E-95FB-D86A350EC9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04F71865-1B3E-4882-B316-87AEAEB84A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "CF914799-7DA1-4B93-9445-1DFCD72D6A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "3DE7DE50-D9B1-48D9-A8F8-2DF34B80BC6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:16.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "2E8C22CB-3247-47F9-8E54-F694437090ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2C8C94BE-5D08-4563-AF15-5FC06BB679AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "987FAB5C-E1EC-4831-9AA0-FAD35A376584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "FAF77E7D-D445-480D-BEBF-A071B58475C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "570418D1-09E9-4A39-8F19-D4ABC1788983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "4D0F4031-84D6-4E8D-AED5-D8C1E5ED3CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "F2B316FE-6214-46FA-88FF-F684DD3D53C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "D8FA77A9-A4AF-404A-B144-97A3CE679444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "6A9DB6A0-6C09-44F9-A76B-7600E9B44CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:17.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "470F4DB3-4AB0-402F-A18C-22A430993F3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "11BEDA0E-71FE-4D37-B06F-FA4B281CD970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "05B3D931-5802-471E-AE40-9282CC03E4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "56721A2E-45B2-4D19-B25D-DD8628185B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "577CBB14-4AEF-4CF2-B203-88055A68810D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:electronjs:electron:18.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "16A23DCC-2355-4431-A452-40BC95D3164E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
},
{
"lang": "es",
"value": "Electron es un marco de trabajo para escribir aplicaciones de escritorio multiplataforma utilizando JavaScript (JS), HTML y CSS. Una vulnerabilidad en las versiones anteriores a 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 permite que un renderizador con ejecuci\u00f3n de JS obtenga acceso a un nuevo proceso de renderizaci\u00f3n con \"nodeIntegrationInSubFrames\" habilitado, lo que a su vez permite el acceso efectivo a \"ipcRenderer\". La opci\u00f3n \"nodeIntegrationInSubFrames\" no concede impl\u00edcitamente el acceso a Node.js. M\u00e1s bien, depende de la configuraci\u00f3n del sandbox existente. Si una aplicaci\u00f3n est\u00e1 en sandbox, entonces \"nodeIntegrationInSubFrames\" s\u00f3lo da acceso a las APIs del renderizador en sandbox, que incluyen \"ipcRenderer\". Si la aplicaci\u00f3n expone adicionalmente mensajes IPC sin la comprobaci\u00f3n de IPC \"senderFrame\" que llevan a cabo acciones privilegiadas o devuelven datos confidenciales este acceso a \"ipcRenderer\" puede a su vez comprometer su aplicaci\u00f3n / usuario incluso con el sandbox habilitado. Electron versiones 18.0.0-beta.6, 17.2.0, 16.2.6 y 15.5.5 contienen una correcci\u00f3n para este problema. Como soluci\u00f3n, aseg\u00farese de que todos los manejadores de mensajes IPC comprueban apropiadamente \"senderFrame\""
}
],
"id": "CVE-2022-29247",
"lastModified": "2024-11-21T06:58:48.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-13T21:15:07.763",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}