CVE-2020-15174 – Unpreventable top-level navigation in Electron
https://notcve.org/view.php?id=CVE-2020-15174
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway. En Electron anteriores a las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1, el evento "will-navigate" que usa las aplicaciones para evitar la navegación a destinos inesperados según nuestras recomendaciones de seguridad se puede omitir cuando una sub-frame realiza una navegación top-frame a través de los sitios. El problema está parcheado en las versiones 11.0.0-beta.1, 10.0.1, 9.3.0 o 8.5.1. • https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b https://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVE-2020-15096 – Context isolation bypass via Promise in Electron
https://notcve.org/view.php?id=CVE-2020-15096
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21. En Electron antes de las versiones 6.1.1, 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto, quiere decir que el código que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto de Electron aislado y llevar a cabo acciones privilegiadas. • https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-501: Trust Boundary Violation •
CVE-2020-4075 – Arbitrary file read via window-open IPC in Electron
https://notcve.org/view.php?id=CVE-2020-4075
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, una lectura arbitraria de archivos locales es posible al definir opciones de ventana no seguras en una ventana secundaria abierta por medio de window.open. Como solución alternativa, asegúrense de llamar a la función "event.preventDefault()" en todos los eventos de ventanas nuevas donde la "url" u "options" no es algo que se espera. • https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-4076 – Context isolation bypass via leaked cross-context objects in Electron
https://notcve.org/view.php?id=CVE-2020-4076
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto. • https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79 https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-501: Trust Boundary Violation •
CVE-2020-4077 – Context isolation bypass via contextBridge in Electron
https://notcve.org/view.php?id=CVE-2020-4077
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto. • https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-501: Trust Boundary Violation •