7 matches found

Hacker One
added 2022/07/23 4:36 a.m. | 38 views

Internet Bug Bounty: Disabling context isolation, nodeIntegrationInSubFrames using an unauthorised frame.

Details can be found in the following GitHub advisory: https://github.com/electron/electron/security/advisories/GHSA-mq8j-3h7h-p8g7 Impact: Using a renderer exploit, context isolation and nodeIntegrationInSubFrames can be disabled, which enables an attacker to leak IPC module and communicate with...

7.2 AI score
Exploits 0

OSV
added 2022/06/16 11:14 p.m. | 40 views

GHSA-MQ8J-3H7H-P8G7 Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Impact: This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer. Please note the misleadingly named nodeIntegrationInSubFrames option does not implicitly grant...

2.2 CVSS | 6.4 AI score | 0.00803 EPSS
Exploits 0 | References 3

NVD
added 2022/06/13 9:15 p.m. | 11 views

CVE-2022-29247

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

9.8 CVSS | 0.00803 EPSS
Exploits 0 | References 1

Prion
added 2022/06/13 9:15 p.m. | 20 views

Design/Logic Flaw

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

6.8 CVSS | 9.4 AI score | 0.00803 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2022/06/13 9:5 p.m. | 15 views

CVE-2022-29247 Exposure of Resource to Wrong Sphere in Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

2.2 CVSS | 9.3 AI score | 0.00803 EPSS
Exploits 0 | References 3

CVE
added 2022/06/13 9:5 p.m. | 489 views

CVE-2022-29247

CVE-2022-29247 — Electron IPC leakage via nodeIntegrationInSubFrames. The issue affects Electron versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5. A renderer with JS execution can gain access to a new renderer process when nodeIntegrationInSubFrames is enabled, which can expose access...

9.8 CVSS | 6.5 AI score | 0.00803 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2020/10/06 6:15 p.m. | 15 views

CVE-2020-15215

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass,...

5.6 CVSS | 5.5 AI score
Exploits 0 | References 1