CVE-2020-4077 – Context isolation bypass via contextBridge in Electron
https://notcve.org/view.php?id=CVE-2020-4077
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto. • https://github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824 • CWE-501: Trust Boundary Violation •
CVE-2018-15685 – Electron WebPreferences - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-15685
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. GitHub Electron 1.7.15, 1.8.7, 2.0.7, y 3.0.0-beta.6, en determinados escenarios que incluyen elementos de IFRAME y opciones "nativeWindowOpen: true" o "sandbox: true", se ve afectado por una vulnerabilidad de WebPreferences que puede aprovecharse para realizar la ejecución remota de código. Electron WebPreferences suffers from a remote code execution vulnerability. Versions affected include 3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15. • https://www.exploit-db.com/exploits/45272 https://electronjs.org/blog/web-preferences-fix • CWE-1188: Initialization of a Resource with an Insecure Default •
CVE-2017-16151
https://notcve.org/view.php?id=CVE-2017-16151
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled. En base a los detalles proporcionados por el equipo ElectronJS, se ha descubierto una vulnerabilidad de ejecución remota de código en Google Chromium que afecta a todas las versiones recientes de Electron. Cualquier aplicación de Electron que acceda a contenido remoto es vulnerable a este exploit, independientemente de si la [opción sandbox] (https://electron.atom.io/docs/api/sandbox-option) está habilitada. • https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix https://nodesecurity.io/advisories/539 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-1000136
https://notcve.org/view.php?id=CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node integration AND has not specified if webview is enabled/disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4, 2.0.0-beta.4. Electron, en versiones desde la 1.7 hasta la 1.7.12, desde la 1.8 hasta la 1.8.3 y desde la 2.0.0 hasta la 2.0.0-beta.3, contiene una vulnerabilidad de gestión incorrecta de valores en Webviews que puede dar como resultado la ejecución remota de código. Parece que este ataque puede ser explotable mediante una app que permite la ejecución de código de terceros, no acepta la integración de nodos y no especifica si la vista web está habilitada o deshabilitada. • https://www.electronjs.org/blog/webview-fix https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass • CWE-20: Improper Input Validation •
CVE-2018-1000118
https://notcve.org/view.php?id=CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to have been fixed in Electron 1.8.2-beta.5. This issue is due to an incomplete fix for CVE-2018-1000006, specifically the black list used was not case insensitive allowing an attacker to potentially bypass it. Github Electron en su versión Electron 1.8.2-beta.4 y anteriores, contiene una vulnerabilidad de inyección de comandos en el manipulador de protocolos que puede resultar en la ejecución de comandos. • https://electronjs.org/releases#1.8.2-beta.5 https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •