Low severityNVD Advisory· Published Oct 6, 2020· Updated Aug 4, 2024
Context isolation bypass in Electron
CVE-2020-15215
Description
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electronnpm | >= 8.0.0-beta.0, < 8.5.2 | 8.5.2 |
electronnpm | >= 9.0.0-beta.0, < 9.3.1 | 9.3.1 |
electronnpm | >= 10.0.0-beta.0, < 10.1.2 | 10.1.2 |
electronnpm | >= 11.0.0-beta.0, < 11.0.0-beta.6 | 11.0.0-beta.6 |
Affected products
2- Range: >= 8.0.0-beta.0, < 8.5.2
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-56pc-6jqp-xqj8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15215ghsaADVISORY
- github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.