Lucene search
GoogleOSV:CVE-2020-15174HistoryOct 06, 2020 - 6:15 p.m.
CVE-2020-15174
2020-10-0618:15:14
Google
osv.dev
4
electron
security
will-navigate
bypass
sub-frame
top-frame
navigation
sandbox
attribute
patched
version 11.0.0-beta.1
version 10.0.1
version 9.3.0
version 8.5.1
software
EPSS
0.001
Percentile
49.3%
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.
Related
osv
osv
Unpreventable top-level navigation
2020-10-06 14:24:04
veracode
veracode
Top-Level Navigation Restrictions Bypass
2020-10-07 00:22:57
cvelist
cvelist
CVE-2020-15174 Unpreventable top-level navigation in Electron
2020-10-06 17:35:13
nvd
nvd
CVE-2020-15174
2020-10-06 18:15:14
prion
prion
Code injection
2020-10-06 18:15:00
github
github
Unpreventable top-level navigation
2020-10-06 14:24:04
cve
cve
CVE-2020-15174
2020-10-06 18:15:14