Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-2Q4G-W47C-4674
HistoryOct 06, 2020 - 2:24 p.m.

Unpreventable top-level navigation

2020-10-0614:24:04
Google
osv.dev
18
electron
security recommendations
top-level navigation
sub-frame
patches
workarounds
iframes
sandbox attribute

EPSS

0.001

Percentile

49.3%

JSON

Impact

The will-navigate event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites.

Patches

  • 11.0.0-beta.1
  • 10.0.1
  • 9.3.0
  • 8.5.1

Workarounds

Sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.

For more information

If you have any questions or comments about this advisory:

Related

veracode 1
cvelist 1
nvd 1
prion 1
osv 1
cve 1
github 1
veracode
veracode
Top-Level Navigation Restrictions Bypass
2020-10-07 00:22:57
cvelist
cvelist
CVE-2020-15174 Unpreventable top-level navigation in Electron
2020-10-06 17:35:13
nvd
nvd
CVE-2020-15174
2020-10-06 18:15:14
prion
prion
Code injection
2020-10-06 18:15:00
osv
osv
CVE-2020-15174
2020-10-06 18:15:14
cve
cve
CVE-2020-15174
2020-10-06 18:15:14
github
github
Unpreventable top-level navigation
2020-10-06 14:24:04

EPSS

0.001

Percentile

49.3%

JSON
Related for OSV:GHSA-2Q4G-W47C-4674
veracode1cvelist1nvd1prion1osv1cve1github1