3 matches found
GHSA-56PC-6JQP-XQJ8 Context isolation bypass in Electron
Impact Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context an...
CVE-2020-15096
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. Ther...
Electron may insecurely load Node modules
Overview Electron fails to restrict the path for loading Node modules, which may lead to execution of arbitrary JavaScript. Electron is a software framework for developing cross-platformm desktop applications with web technologies, such as HTML, CSS, JavaScript with Chromium and Node.js. Electron...