2 matches found
CVE-2023-23623
The CVE-2023-23623 issue is in Electron where a Content-Security-Policy that disables eval (script-src without unsafe-eval) is not respected in renderers with sandbox: false. Affected are Electron 22 and 23 series; the vulnerability can allow unintended use of eval() or new Function, expanding th...
CVE-2023-23623 Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...