VYPR
Low severityNVD Advisory· Published Oct 6, 2020· Updated Aug 4, 2024

Context isolation bypass in Electron

CVE-2020-15215

Description

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
electronnpm
>= 8.0.0-beta.0, < 8.5.28.5.2
electronnpm
>= 9.0.0-beta.0, < 9.3.19.3.1
electronnpm
>= 10.0.0-beta.0, < 10.1.210.1.2
electronnpm
>= 11.0.0-beta.0, < 11.0.0-beta.611.0.0-beta.6

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.