Lucene search
K

9 matches found

Node.js
Node.js
added 2018/11/07 10:7 p.m.495 views

Remote Code Execution

Overview GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. More information to...

6.8CVSS2AI score0.10427EPSS
Exploits4Affected Software1
0day.today
0day.today
added 2018/08/28 12:0 a.m.62 views

Electron WebPreferences - Remote Code Execution Exploit

Exploit for multiple platform in category remote exploits CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested...

8.2AI score0.10427EPSS
Exploits4
exploitpack
exploitpack
added 2018/08/27 12:0 a.m.39 views

Electron WebPreferences - Remote Code Execution

Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...

6.8CVSS0.3AI score0.10427EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/08/27 12:0 a.m.49 views

Electron WebPreferences - Remote Code Execution

CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions 3.0.0-beta.6, 2.0.7,...

8.1CVSS7AI score0.10427EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2018/08/23 7:12 p.m.4 views

@felixrieseberg/electron-prebuilt-compile (>=3.0.0-beta.1 <=3.0.0-beta.13), @getstation/electron-prebuilt-compile (=3.0.0-beta.12) +1 more potentially affected by CVE-2018-15685 via electron (>=3.0.0-beta.1 <=3.0.0-beta.6)

electron NPM version =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.5 Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...

8.1CVSS7.2AI score0.10427EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2018/08/23 7:12 p.m.5 views

@devpodio/application-manager (>=0.3.16 <=0.3.20), @devpodio/bunyan (>=0.3.16 <=0.3.20) +158 more potentially affected by CVE-2018-15685 via electron (>=1.8.1 <=1.8.7)

electron NPM version =1.8.1, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.16, =0.3.20 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...

8.1CVSS7.2AI score0.10427EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2018/08/23 7:12 p.m.4 views

4cdl (>=1.0.1 <=1.0.7), 77cli (>=0.0.10 <=0.0.12) +364 more potentially affected by CVE-2018-15685 via electron (>=2.0.0 <=2.0.8-nightly.20180820)

electron NPM version =2.0.0, =1.0.1, =0.0.10, =3.0.5, =0.1.0, =1.0.0, =0.0.2, =0.0.1, =1.0.2, =0.0.1, =1.1.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...

8.1CVSS7.2AI score0.10427EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2018/08/23 7:12 p.m.4 views

@philipptrenz/photo-booth (>=1.0.1 <=1.0.6), @quarks/bpmn-extension (=1.0.0) +46 more potentially affected by CVE-2018-15685 via electron (>=1.7.0 <=1.7.13)

electron NPM version =1.7.0, =1.0.1, =1.0.0, =1.0.1, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0cc6469e, =0.4.0-next.0b426d22, =0.3.3, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.0b426d22, =0.4.0-next.ff386514 and more...

8.1CVSS7.2AI score0.10427EPSS
Exploits4
CVE
CVE
added 2018/08/23 5:0 a.m.85 views

CVE-2018-15685

GitHub Electron versions 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6 are affected by a WebPreferences vulnerability when using IFRAME with nativeWindowOpen: true or sandbox: true, enabling remote code execution. The issue arises in Electron’s WebPreferences handling and can be triggered in nested wind...

8.1CVSS8.2AI score0.10427EPSS
Exploits4References2Affected Software1
Rows per page
Query Builder