Vulnerabilities > CVE-2020-15174 - Unspecified vulnerability in Electronjs Electron

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

LOW

network

high complexity

electronjs

NVD

Published: 2020-10-06

Updated: 2021-11-18

Summary

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.

Vulnerable Configurations

Part	Description	Count
Application	Electronjs Electronjs Electron 8.0.0 Electronjs Electron 8.0.1 Electronjs Electron 8.0.2 Electronjs Electron 8.0.3 Electronjs Electron 8.1.0 Electronjs Electron 8.1.1 Electronjs Electron 8.2.0 Electronjs Electron 8.2.1 Electronjs Electron 8.2.2 Electronjs Electron 8.2.3 Electronjs Electron 8.2.4 Electronjs Electron 8.2.5 Electronjs Electron 8.3.0 Electronjs Electron 8.3.1 Electronjs Electron 8.3.2 Electronjs Electron 8.3.3 Electronjs Electron 8.3.4 Electronjs Electron 8.4.0 Electronjs Electron 8.4.1 Electronjs Electron 8.5.0 Electronjs Electron 9.0.0 Electronjs Electron 9.0.1 Electronjs Electron 9.0.2 Electronjs Electron 9.0.3 Electronjs Electron 9.0.4 Electronjs Electron 9.0.5 Electronjs Electron 9.0.6 Electronjs Electron 9.1.0 Electronjs Electron 9.1.1 Electronjs Electron 9.1.2 Electronjs Electron 9.2.0 Electronjs Electron 9.2.1 Electronjs Electron 10.0.0	97

Summary

Vulnerable Configurations

References