VYPR
High severity8.1NVD Advisory· Published Aug 23, 2018· Updated Jun 17, 2026

CVE-2018-15685

CVE-2018-15685

Description

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
electronnpm
>= 1.7.0, < 1.7.161.7.16
electronnpm
>= 1.8.0, < 1.8.81.8.8
electronnpm
>= 2.0.0, < 2.0.82.0.8
electronnpm
>= 3.0.0-beta.1, < 3.0.0-beta.73.0.0-beta.7

Affected products

1

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.