All the vulnerabilites related to Electron - Electron
cve-2022-29257
Vulnerability from cvelistv5
Published
2022-06-13 21:25
Modified
2024-08-03 06:17
Summary
Electron's AutoUpdater module fails to validate certain nested components of the bundle
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.5.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T21:25:09",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
        }
      ],
      "source": {
        "advisory": "GHSA-77xc-hjv8-ww97",
        "discovery": "UNKNOWN"
      },
      "title": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29257",
          "STATE": "PUBLIC",
          "TITLE": "Electron\u0027s AutoUpdater module fails to validate certain nested components of the bundle"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 15.5.5"
                          },
                          {
                            "version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
                          },
                          {
                            "version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
                          },
                          {
                            "version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim\u0027s own auto updating infrastructure and the ease of that attack entirely depends on the potential victim\u0027s infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-77xc-hjv8-ww97"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-77xc-hjv8-ww97",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29257",
    "datePublished": "2022-06-13T21:25:10",
    "dateReserved": "2022-04-13T00:00:00",
    "dateUpdated": "2024-08-03T06:17:54.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4075
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Summary
Arbitrary file read via window-open IPC in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.4"
            },
            {
              "status": "affected",
              "version": "\u003c 7.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "{\"CWE-552\":\"Files or Directories Accessible to External Parties\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-07T00:05:28",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
        }
      ],
      "source": {
        "advisory": "GHSA-f9mq-jph6-9mhm",
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary file read via window-open IPC in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4075",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary file read via window-open IPC in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
                          },
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.4"
                          },
                          {
                            "version_value": "\u003c 7.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-552\":\"Files or Directories Accessible to External Parties\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
              "refsource": "MISC",
              "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
            },
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-f9mq-jph6-9mhm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4075",
    "datePublished": "2020-07-07T00:05:28",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-39956
Vulnerability from cvelistv5
Published
2023-09-06 20:09
Modified
2024-09-26 15:17
Summary
Electron: Out-of-package code execution when launched with arbitrary cwd
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:10.164Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T14:44:20.784199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:17:59.795Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 22.3.19"
            },
            {
              "status": "affected",
              "version": "\u003e= 23.0.0, \u003c 23.3.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 24.0.0, \u003c 24.7.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 25.0.0, \u003c 25.4.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 26.0.0-beta.1, \u003c 26.0.0-beta.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted.   Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with an attacker-controlled working directory and 2. The attacker has the ability to write files to that working directory. This makes the risk quite low, in fact normally issues of this kind are considered outside of our threat model as similar to Chromium we exclude Physically Local Attacks but given the ability for this issue to bypass certain protections like ASAR Integrity it is being treated with higher importance.  This issue has been fixed in versions:`26.0.0-beta.13`, `25.4.1`, `24.7.1`, `23.3.13`, and `22.3.19`. There are no app side workarounds, users must update to a patched version of Electron."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T20:09:33.185Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-7x97-j373-85x5"
        }
      ],
      "source": {
        "advisory": "GHSA-7x97-j373-85x5",
        "discovery": "UNKNOWN"
      },
      "title": "Electron: Out-of-package code execution when launched with arbitrary cwd"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-39956",
    "datePublished": "2023-09-06T20:09:33.185Z",
    "dateReserved": "2023-08-07T16:27:27.075Z",
    "dateUpdated": "2024-09-26T15:17:59.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44402
Vulnerability from cvelistv5
Published
2023-12-01 21:45
Modified
2024-08-02 20:07
Summary
ASAR Integrity bypass via filetype confusion in electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
          },
          {
            "name": "https://github.com/electron/electron/pull/39788",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/39788"
          },
          {
            "name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 22.3.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 23.0.0-alpha.1, \u003c= 23.3.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 24.0.0-alpha.1, \u003c 24.8.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 25.0.0-alpha.1, \u003c 25.8.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 26.0.0-alpha.1, \u003c 26.2.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 27.0.0-alpha.1, \u003c 27.0.0-alpha.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled.  Apps without these fuses enabled are not impacted.  This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too.  i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-01T21:45:18.379Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-7m48-wc93-9g85"
        },
        {
          "name": "https://github.com/electron/electron/pull/39788",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/39788"
        },
        {
          "name": "https://www.electronjs.org/docs/latest/tutorial/fuses",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/docs/latest/tutorial/fuses"
        }
      ],
      "source": {
        "advisory": "GHSA-7m48-wc93-9g85",
        "discovery": "UNKNOWN"
      },
      "title": "ASAR Integrity bypass via filetype confusion in electron"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-44402",
    "datePublished": "2023-12-01T21:45:18.379Z",
    "dateReserved": "2023-09-28T17:56:32.615Z",
    "dateUpdated": "2024-08-02T20:07:33.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12581
Vulnerability from cvelistv5
Published
2017-08-06 02:00
Modified
2024-08-05 18:43
Severity ?
Summary
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user\u0027s host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-12581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user\u0027s host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf",
              "refsource": "MISC",
              "url": "https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf"
            },
            {
              "name": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html",
              "refsource": "MISC",
              "url": "https://blog.doyensec.com/2017/08/03/electron-framework-security.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-12581",
    "datePublished": "2017-08-06T02:00:00",
    "dateReserved": "2017-08-05T00:00:00",
    "dateUpdated": "2024-08-05T18:43:56.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-23623
Vulnerability from cvelistv5
Published
2023-09-06 20:16
Modified
2024-09-26 17:48
Summary
Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:35:33.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "electron",
            "vendor": "atom",
            "versions": [
              {
                "lessThan": "22.0.1",
                "status": "affected",
                "version": "22.0.0_beta.1",
                "versionType": "custom"
              },
              {
                "lessThan": "23.0.0_alpha.2",
                "status": "affected",
                "version": "23.0.0_alpha.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T17:45:10.379594Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T17:48:22.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 22.0.0-beta.1, \u003c 22.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 23.0.0-alpha.1, \u003c 23.0.0-alpha.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled.  i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670: Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T20:16:10.381Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr"
        }
      ],
      "source": {
        "advisory": "GHSA-gxh7-wv9q-fwfr",
        "discovery": "UNKNOWN"
      },
      "title": "Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-23623",
    "datePublished": "2023-09-06T20:16:10.381Z",
    "dateReserved": "2023-01-16T17:07:46.243Z",
    "dateUpdated": "2024-09-26T17:48:22.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4077
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Summary
Context isolation bypass via contextBridge in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.4"
            },
            {
              "status": "affected",
              "version": "\u003c 7.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-07T00:05:16",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
        }
      ],
      "source": {
        "advisory": "GHSA-h9jc-284h-533g",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass via contextBridge in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4077",
          "STATE": "PUBLIC",
          "TITLE": "Context isolation bypass via contextBridge in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
                          },
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.4"
                          },
                          {
                            "version_value": "\u003c 7.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-501 Trust Boundary Violation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g"
            },
            {
              "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
              "refsource": "MISC",
              "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-h9jc-284h-533g",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4077",
    "datePublished": "2020-07-07T00:05:16",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-21718
Vulnerability from cvelistv5
Published
2022-03-22 16:25
Modified
2024-08-03 02:53
Summary
Renderers can obtain access to random bluetooth device without permission in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:53:35.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/32178"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/32240"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 13.6.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-22T16:25:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/32178"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/32240"
        }
      ],
      "source": {
        "advisory": "GHSA-3p22-ghq8-v749",
        "discovery": "UNKNOWN"
      },
      "title": "Renderers can obtain access to random bluetooth device without permission in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-21718",
          "STATE": "PUBLIC",
          "TITLE": "Renderers can obtain access to random bluetooth device without permission in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 13.6.6"
                          },
                          {
                            "version_value": "\u003e= 14.0.0-beta.1, \u003c 14.2.4"
                          },
                          {
                            "version_value": "\u003e= 15.0.0-beta.1, \u003c 15.3.5"
                          },
                          {
                            "version_value": "\u003e= 16.0.0-beta.1, \u003c 16.0.6"
                          },
                          {
                            "version_value": "\u003e= 17.0.0-alpha.1, \u003c= 17.0.0-alpha.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-3p22-ghq8-v749"
            },
            {
              "name": "https://github.com/electron/electron/pull/32178",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/pull/32178"
            },
            {
              "name": "https://github.com/electron/electron/pull/32240",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/pull/32240"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-3p22-ghq8-v749",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-21718",
    "datePublished": "2022-03-22T16:25:12",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-08-03T02:53:35.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29247
Vulnerability from cvelistv5
Published
2022-06-13 21:05
Modified
2024-08-03 06:17
Summary
Exposure of Resource to Wrong Sphere in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:54.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.5.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-13T21:05:10",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
        }
      ],
      "source": {
        "advisory": "GHSA-mq8j-3h7h-p8g7",
        "discovery": "UNKNOWN"
      },
      "title": "Exposure of Resource to Wrong Sphere in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29247",
          "STATE": "PUBLIC",
          "TITLE": "Exposure of Resource to Wrong Sphere in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 15.5.5"
                          },
                          {
                            "version_value": "\u003e= 16.0.0-beta.1, \u003c 16.2.6"
                          },
                          {
                            "version_value": "\u003e= 17.0.0-beta.1, \u003c 17.2.0"
                          },
                          {
                            "version_value": "\u003e= 18.0.0-beta.1, \u003c= 18.0.0-beta.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mq8j-3h7h-p8g7",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-29247",
    "datePublished": "2022-06-13T21:05:10",
    "dateReserved": "2022-04-13T00:00:00",
    "dateUpdated": "2024-08-03T06:17:54.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29198
Vulnerability from cvelistv5
Published
2023-09-06 20:13
Modified
2024-09-26 15:12
Summary
Context isolation bypass via nested unserializable return value in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
          },
          {
            "name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T14:44:07.613258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:12:58.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 22.3.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 23.0.0, \u003c 23.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 24.0.0, \u003c 24.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 25.0.0-alpha.1, \u003c 25.0.0-alpha.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps using `contextIsolation` and `contextBridge` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. This issue is only exploitable if an API exposed to the main world via `contextBridge` can return an object or array that contains a javascript object which cannot be serialized, for instance, a canvas rendering context. This would normally result in an exception being thrown `Error: object could not be cloned`. The app side workaround is to ensure that such a case is not possible. Ensure all values returned from a function exposed over the context bridge are supported. This issue has been fixed in versions `25.0.0-alpha.2`, `24.0.1`, `23.2.3`, and `22.3.6`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T20:13:56.313Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-p7v2-p9m8-qqg7"
        },
        {
          "name": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/docs/latest/api/context-bridge#parameter--error--return-type-support"
        }
      ],
      "source": {
        "advisory": "GHSA-p7v2-p9m8-qqg7",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass via nested unserializable return value in Electron"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-29198",
    "datePublished": "2023-09-06T20:13:56.313Z",
    "dateReserved": "2023-04-03T13:37:18.454Z",
    "dateUpdated": "2024-09-26T15:12:58.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15096
Vulnerability from cvelistv5
Published
2020-07-07 00:10
Modified
2024-08-04 13:08
Summary
Context isolation bypass via Promise in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.1.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.0.0, \u003c 7.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e=9.0.0-beta.0, \u003c 9.0.0-beta.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-07T00:10:13",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
        }
      ],
      "source": {
        "advisory": "GHSA-6vrv-94jv-crrg",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass via Promise in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15096",
          "STATE": "PUBLIC",
          "TITLE": "Context isolation bypass via Promise in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 6.1.1"
                          },
                          {
                            "version_value": "\u003e= 7.0.0, \u003c 7.2.4"
                          },
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.4"
                          },
                          {
                            "version_value": "\u003e=9.0.0-beta.0, \u003c 9.0.0-beta.21"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-501 Trust Boundary Violation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
              "refsource": "MISC",
              "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
            },
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-6vrv-94jv-crrg",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15096",
    "datePublished": "2020-07-07T00:10:13",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:22.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4076
Vulnerability from cvelistv5
Published
2020-07-07 00:05
Modified
2024-08-04 07:52
Summary
Context isolation bypass via leaked cross-context objects in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.2.4"
            },
            {
              "status": "affected",
              "version": "\u003c 7.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-07T00:05:21",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
        }
      ],
      "source": {
        "advisory": "GHSA-m93v-9qjc-3g79",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass via leaked cross-context objects in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4076",
          "STATE": "PUBLIC",
          "TITLE": "Context isolation bypass via leaked cross-context objects in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c= 9.0.0-beta.20"
                          },
                          {
                            "version_value": "\u003e= 8.0.0, \u003c 8.2.4"
                          },
                          {
                            "version_value": "\u003c 7.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-501 Trust Boundary Violation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
              "refsource": "MISC",
              "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
            },
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-m93v-9qjc-3g79",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4076",
    "datePublished": "2020-07-07T00:05:21",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-39184
Vulnerability from cvelistv5
Published
2021-10-12 19:05
Modified
2024-08-04 01:58
Summary
Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:58:18.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/30728"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 11.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.0.0, \u003c 12.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 13.0.0, \u003c 13.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668: Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T19:05:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/30728"
        }
      ],
      "source": {
        "advisory": "GHSA-mpjm-v997-c4h4",
        "discovery": "UNKNOWN"
      },
      "title": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-39184",
          "STATE": "PUBLIC",
          "TITLE": "Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 11.5.0"
                          },
                          {
                            "version_value": "\u003e= 12.0.0, \u003c 12.1.0"
                          },
                          {
                            "version_value": "\u003e= 13.0.0, \u003c 13.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a \"thumbnail\" image of an arbitrary file on the user\u0027s system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. Versions 15.0.0-alpha.10, 14.0.0, 13.3.0, 12.1.0, and 11.5.0 all contain a fix for the vulnerability. Two workarounds aside from upgrading are available. One may make the vulnerability significantly more difficult for an attacker to exploit by enabling `contextIsolation` in one\u0027s app. One may also disable the functionality of the `createThumbnailFromPath` API if one does not need it."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668: Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-mpjm-v997-c4h4"
            },
            {
              "name": "https://github.com/electron/electron/pull/30728",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/pull/30728"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mpjm-v997-c4h4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-39184",
    "datePublished": "2021-10-12T19:05:11",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-08-04T01:58:18.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36077
Vulnerability from cvelistv5
Published
2022-11-08 00:00
Modified
2024-08-03 09:52
Summary
Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:52:00.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= v21.0.0-nightly.20220526, \u003c 21.0.0-beta.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0-beta.1, \u003c 20.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 19.0.0-beta.1, \u003c 19.0.11"
            },
            {
              "status": "affected",
              "version": "\u003c 18.3.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Electron framework enables writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7, Electron is vulnerable to Exposure of Sensitive Information. When following a redirect, Electron delays a check for redirecting to file:// URLs from other schemes. The contents of the file is not available to the renderer following the redirect, but if the redirect target is a SMB URL such as `file://some.website.com/`, then in some cases, Windows will connect to that server and attempt NTLM authentication, which can include sending hashed credentials.This issue has been patched in versions: 21.0.0-beta.1, 20.0.1, 19.0.11, and 18.3.7. Users are recommended to upgrade to the latest stable version of Electron. If upgrading isn\u0027t possible, this issue can be addressed without upgrading by preventing redirects to file:// URLs in the `WebContents.on(\u0027will-redirect\u0027)` event, for all WebContents as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522: Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-08T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/electron/electron/security/advisories/GHSA-p2jh-44qj-pf2v"
        }
      ],
      "source": {
        "advisory": "GHSA-p2jh-44qj-pf2v",
        "discovery": "UNKNOWN"
      },
      "title": "Electron subject to Exfiltration of hashed SMB credentials on Windows via file:// redirect"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-36077",
    "datePublished": "2022-11-08T00:00:00",
    "dateReserved": "2022-07-15T00:00:00",
    "dateUpdated": "2024-08-03T09:52:00.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15174
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 13:08
Summary
Unpreventable top-level navigation in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-beta.0, \u003c 8.5.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c 9.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0-beta.0, \u003c 10.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T17:35:13",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
        }
      ],
      "source": {
        "advisory": "GHSA-2q4g-w47c-4674",
        "discovery": "UNKNOWN"
      },
      "title": "Unpreventable top-level navigation in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15174",
          "STATE": "PUBLIC",
          "TITLE": "Unpreventable top-level navigation in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.1"
                          },
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.0"
                          },
                          {
                            "version_value": "\u003e= 10.0.0-beta.0, \u003c 10.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693 Protection Mechanism Failure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674"
            },
            {
              "name": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2q4g-w47c-4674",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15174",
    "datePublished": "2020-10-06T17:35:13",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:22.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15215
Vulnerability from cvelistv5
Published
2020-10-06 18:00
Modified
2024-08-04 13:08
Summary
Context isolation bypass in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-693",
              "description": "CWE-693 Protection Mechanism Failure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-06T18:00:17",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
        }
      ],
      "source": {
        "advisory": "GHSA-56pc-6jqp-xqj8",
        "discovery": "UNKNOWN"
      },
      "title": "Context isolation bypass in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15215",
          "STATE": "PUBLIC",
          "TITLE": "Context isolation bypass in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 8.0.0-beta.0, \u003c 8.5.2"
                          },
                          {
                            "version_value": "\u003e= 9.0.0-beta.0, \u003c 9.3.1"
                          },
                          {
                            "version_value": "\u003e= 10.0.0-beta.0, \u003c 10.1.2"
                          },
                          {
                            "version_value": "\u003e= 11.0.0-beta.0, \u003c 11.0.0-beta.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-693 Protection Mechanism Failure"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-56pc-6jqp-xqj8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15215",
    "datePublished": "2020-10-06T18:00:17",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:22.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-26272
Vulnerability from cvelistv5
Published
2021-01-28 18:25
Modified
2024-08-04 15:56
Summary
IPC messages misrouted in Electron
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:04.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/releases/tag/v9.4.0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/pull/26875"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 9.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.0.0, \u003c 10.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.0.0, \u003c 11.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-668",
              "description": "CWE-668 Exposure of Resource to Wrong Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-28T18:25:17",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/releases/tag/v9.4.0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/pull/26875"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
        }
      ],
      "source": {
        "advisory": "GHSA-hvf8-h2qh-37m9",
        "discovery": "UNKNOWN"
      },
      "title": "IPC messages misrouted in Electron",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26272",
          "STATE": "PUBLIC",
          "TITLE": "IPC messages misrouted in Electron"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "electron",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 9.4.0"
                          },
                          {
                            "version_value": "\u003e= 10.0.0, \u003c 10.2.0"
                          },
                          {
                            "version_value": "\u003e= 11.0.0, \u003c 11.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "electron"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-668 Exposure of Resource to Wrong Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9",
              "refsource": "CONFIRM",
              "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"
            },
            {
              "name": "https://github.com/electron/electron/releases/tag/v9.4.0",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/releases/tag/v9.4.0"
            },
            {
              "name": "https://github.com/electron/electron/pull/26875",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/pull/26875"
            },
            {
              "name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c",
              "refsource": "MISC",
              "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"
            },
            {
              "name": "https://www.electronjs.org/releases/stable?version=9#9.4.0",
              "refsource": "MISC",
              "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hvf8-h2qh-37m9",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26272",
    "datePublished": "2021-01-28T18:25:17",
    "dateReserved": "2020-10-01T00:00:00",
    "dateUpdated": "2024-08-04T15:56:04.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

jvndb-2016-000054
Vulnerability from jvndb
Published
2016-04-22 13:49
Modified
2016-06-01 15:56
Severity ?
Summary
Electron may insecurely load Node modules
Details
Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc.. Electron contains a flaw where the search path for loading Node modules is not restricted properly. This exists due to a flaw in the processing of the 'require' function. When this function is processed, all parent folders for the directory where the module exists is added to the search paths. If an attacker is able to place a malicious Node module in a resulting search path on the victim's system, this Node module will be loaded. Yosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
ElectronElectron
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000054.html",
  "dc:date": "2016-06-01T15:56+09:00",
  "dcterms:issued": "2016-04-22T13:49+09:00",
  "dcterms:modified": "2016-06-01T15:56+09:00",
  "description": "Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript.\r\n\r\nElectron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron is used in applications such as Atom editor, Microsoft Visual Studio Code, etc..\r\n Electron contains a flaw where the search path for loading Node modules is not restricted properly. This exists due to a flaw in the processing of the \u0027require\u0027 function. When this function is processed, all parent folders for the directory where the module exists is added to the search paths. If an attacker is able to place a malicious Node module in a resulting search path on the victim\u0027s system, this Node module will be loaded.\r\n\r\nYosuke HASEGAWA of Secure Sky Technology Inc. reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000054.html",
  "sec:cpe": {
    "#text": "cpe:/a:electron:electron",
    "@product": "Electron",
    "@vendor": "Electron",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000054",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN00324715/index.html",
      "@id": "JVN#00324715",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1202",
      "@id": "CVE-2016-1202",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1202",
      "@id": "CVE-2016-1202",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Electron may insecurely load Node modules"
}