Vulnerabilities > CVE-2018-15685 - Insecure Default Initialization of Resource vulnerability in Electronjs Electron

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

electronjs

CWE-1188

exploit available

NVD

Published: 2018-08-23

Updated: 2019-10-03

Summary

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Electronjs Electronjs Electron 3.0.0 Electronjs Electron 2.0.7 Electronjs Electron 1.8.7 Electronjs Electron 1.7.15	4

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Exploit-Db

description	Electron WebPreferences - Remote Code Execution. CVE-2018-15685. Remote exploit for Multiple platform
file	exploits/multiple/remote/45272.txt
id	EDB-ID:45272
last seen	2018-10-07
modified	2018-08-27
platform	multiple
port
published	2018-08-27
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45272/
title	Electron WebPreferences - Remote Code Execution
type	remote

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References