CVE-2020-15215

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.6 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
GitHub_MCNA
5.6 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
electronjselectron
8.0.0
electronjselectron
8.0.0:beta0
electronjselectron
8.0.0:beta1
electronjselectron
8.0.0:beta2
electronjselectron
8.0.0:beta3
electronjselectron
8.0.0:beta4
electronjselectron
8.0.0:beta5
electronjselectron
8.0.0:beta6
electronjselectron
8.0.0:beta7
electronjselectron
8.0.0:beta8
electronjselectron
8.0.0:beta9
electronjselectron
8.0.1
electronjselectron
8.0.2
electronjselectron
8.0.3
electronjselectron
8.1.0
electronjselectron
8.1.1
electronjselectron
8.2.0
electronjselectron
8.2.1
electronjselectron
8.2.2
electronjselectron
8.2.3
electronjselectron
8.2.4
electronjselectron
8.2.5
electronjselectron
8.3.0
electronjselectron
8.3.1
electronjselectron
8.3.2
electronjselectron
8.3.3
electronjselectron
8.3.4
electronjselectron
8.4.0
electronjselectron
8.4.1
electronjselectron
8.5.0
electronjselectron
8.5.1
electronjselectron
9.0.0
electronjselectron
9.0.0:beta0
electronjselectron
9.0.0:beta1
electronjselectron
9.0.0:beta10
electronjselectron
9.0.0:beta11
electronjselectron
9.0.0:beta12
electronjselectron
9.0.0:beta13
electronjselectron
9.0.0:beta14
electronjselectron
9.0.0:beta15
electronjselectron
9.0.0:beta16
electronjselectron
9.0.0:beta17
electronjselectron
9.0.0:beta18
electronjselectron
9.0.0:beta19
electronjselectron
9.0.0:beta2
electronjselectron
9.0.0:beta20
electronjselectron
9.0.0:beta3
electronjselectron
9.0.0:beta4
electronjselectron
9.0.0:beta5
electronjselectron
9.0.0:beta6
electronjselectron
9.0.0:beta7
electronjselectron
9.0.0:beta8
electronjselectron
9.0.0:beta9
electronjselectron
9.0.1
electronjselectron
9.0.2
electronjselectron
9.0.3
electronjselectron
9.0.4
electronjselectron
9.0.5
electronjselectron
9.0.6
electronjselectron
9.1.0
electronjselectron
9.1.1
electronjselectron
9.1.2
electronjselectron
9.2.0
electronjselectron
9.2.1
electronjselectron
9.3.0
electronjselectron
10.0.0
electronjselectron
10.0.0:beta1
electronjselectron
10.0.0:beta10
electronjselectron
10.0.0:beta11
electronjselectron
10.0.0:beta12
electronjselectron
10.0.0:beta13
electronjselectron
10.0.0:beta14
electronjselectron
10.0.0:beta15
electronjselectron
10.0.0:beta16
electronjselectron
10.0.0:beta17
electronjselectron
10.0.0:beta18
electronjselectron
10.0.0:beta19
electronjselectron
10.0.0:beta2
electronjselectron
10.0.0:beta20
electronjselectron
10.0.0:beta21
electronjselectron
10.0.0:beta22
electronjselectron
10.0.0:beta23
electronjselectron
10.0.0:beta24
electronjselectron
10.0.0:beta25
electronjselectron
10.0.0:beta3
electronjselectron
10.0.0:beta4
electronjselectron
10.0.0:beta5
electronjselectron
10.0.0:beta6
electronjselectron
10.0.0:beta7
electronjselectron
10.0.0:beta8
electronjselectron
10.0.0:beta9
electronjselectron
10.0.1
electronjselectron
10.1.0
electronjselectron
10.1.1
electronjselectron
11.0.0:beta0
electronjselectron
11.0.0:beta1
electronjselectron
11.0.0:beta2
electronjselectron
11.0.0:beta3
electronjselectron
11.0.0:beta4
electronjselectron
11.0.0:beta5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8
https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8