9 matches found
Remote Code Execution
Overview GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. More information to...
Electron WebPreferences - Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested...
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
Electron WebPreferences - Remote Code Execution
CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions 3.0.0-beta.6, 2.0.7,...
@felixrieseberg/electron-prebuilt-compile (>=3.0.0-beta.1 <=3.0.0-beta.13), @getstation/electron-prebuilt-compile (=3.0.0-beta.12) +1 more potentially affected by CVE-2018-15685 via electron (>=3.0.0-beta.1 <=3.0.0-beta.6)
electron NPM version =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.5 Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...
@devpodio/application-manager (>=0.3.16 <=0.3.20), @devpodio/bunyan (>=0.3.16 <=0.3.20) +158 more potentially affected by CVE-2018-15685 via electron (>=1.8.1 <=1.8.7)
electron NPM version =1.8.1, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.20 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...
4cdl (>=1.0.1 <=1.0.7), 77cli (>=0.0.10 <=0.0.12) +364 more potentially affected by CVE-2018-15685 via electron (>=2.0.0 <=2.0.8-nightly.20180820)
electron NPM version =2.0.0, =1.0.1, =0.0.10, =3.0.5, =0.1.0, =1.0.0, =0.0.2, =0.0.1, =1.0.2, =0.0.1, =1.1.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...
@philipptrenz/photo-booth (>=1.0.1 <=1.0.6), @quarks/bpmn-extension (=1.0.0) +46 more potentially affected by CVE-2018-15685 via electron (>=1.7.0 <=1.7.13)
electron NPM version =1.7.0, =1.0.1, =1.0.0, =1.0.1, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0cc6469e, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.ff386514 and more...
CVE-2018-15685
GitHub Electron versions 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6 are affected by a WebPreferences vulnerability when using IFRAME with nativeWindowOpen: true or sandbox: true, enabling remote code execution. The issue arises in Electron’s WebPreferences handling and can be triggered in nested wind...