Vulnerabilities > CVE-2018-15685 - Insecure Default Initialization of Resource vulnerability in Electronjs Electron
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Electron WebPreferences - Remote Code Execution. CVE-2018-15685. Remote exploit for Multiple platform |
file | exploits/multiple/remote/45272.txt |
id | EDB-ID:45272 |
last seen | 2018-10-07 |
modified | 2018-08-27 |
platform | multiple |
port | |
published | 2018-08-27 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/45272/ |
title | Electron WebPreferences - Remote Code Execution |
type | remote |