CVSS: 6.5EPSS: 0%CPEs: 79EXPL: 0CVE-2020-26272 – IPC messages misrouted in Electron
https://notcve.org/view.php?id=CVE-2020-26272
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. • https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c https://github.com/electron/electron/pull/26875 https://github.com/electron/electron/releases/tag/v9.4.0 https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9 https://www.electronjs.org/releases/stable?version=9#9.4.0 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 3CVE-2020-35717
https://notcve.org/view.php?id=CVE-2020-35717
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). zonote versiones hasta 0.4.0, permite un ataque de tipo XSS por medio de una nota diseñada, con una Ejecución de Código Remota resultante (porque nodeIntegration en webPreferences es verdadero). • https://github.com/Redfox-Secuirty/Hacking-Electron-Apps-CVE-2020-35717- https://github.com/hmartos/cve-2020-35717 https://github.com/zonetti/zonote https://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637 https://www.electronjs.org/apps/zonote • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 100EXPL: 0CVE-2020-15215 – Context isolation bypass in Electron
https://notcve.org/view.php?id=CVE-2020-15215
Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Electron anteriores a las versiones 11.0.0-beta.6, 10.1.2, 9.3.1 o 8.5.2, es vulnerable a una omisión de aislamiento de contexto. • https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8 • CWE-668: Exposure of Resource to Wrong Sphere CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-15174 – Unpreventable top-level navigation in Electron
https://notcve.org/view.php?id=CVE-2020-15174
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway. En Electron anteriores a las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1, el evento "will-navigate" que usa las aplicaciones para evitar la navegación a destinos inesperados según nuestras recomendaciones de seguridad se puede omitir cuando una sub-frame realiza una navegación top-frame a través de los sitios. El problema está parcheado en las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1. • https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 6.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-15096 – Context isolation bypass via Promise in Electron
https://notcve.org/view.php?id=CVE-2020-15096
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. En Electron antes de las versiones 6.1.1, 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto, quiere decir que el código que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto de Electron aislado y llevar a cabo acciones privilegiadas. • https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-501: Trust Boundary Violation •