Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
516
VMScore

CVE-2020-15174

Published: 06/10/2020 Updated: 18/11/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 4.7 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Subscribe to Electronjs

Vulnerability Summary

In Electron prior to 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

electronjs electron

References

NVD-CWE-Otherhttps://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59bhttps://github.com/electron/electron/security/advisories/GHSA-2q4g-w47c-4674https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook