CVE-2020-15215

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nodeIntegrationInSubFrames: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

Published: Oct 6, 2020
Updated: May 9, 2024
CVE: CVE-2020-15215
GHSA: GHSA-56pc-6jqp-xqj8
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.6
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
electronjs / electron	9.0.0-beta11	9.0.0-beta11.x
electronjs / electron	9.0.0-beta12	9.0.0-beta12.x
electronjs / electron	9.0.0-beta13	9.0.0-beta13.x
electronjs / electron	9.0.0-beta14	9.0.0-beta14.x
electronjs / electron	9.0.0-beta15	9.0.0-beta15.x
electronjs / electron	9.0.0-beta16	9.0.0-beta16.x
electronjs / electron	9.0.0-beta17	9.0.0-beta17.x
electronjs / electron	9.0.0-beta18	9.0.0-beta18.x
electronjs / electron	9.0.0-beta19	9.0.0-beta19.x
electronjs / electron	9.0.0-beta20	9.0.0-beta20.x
electronjs / electron	9.0.0-beta1	9.0.0-beta1.x
electronjs / electron	9.0.0-beta2	9.0.0-beta2.x
electronjs / electron	9.0.0-beta3	9.0.0-beta3.x
electronjs / electron	9.0.0-beta4	9.0.0-beta4.x
electronjs / electron	9.0.0-beta5	9.0.0-beta5.x
electronjs / electron	9.0.0-beta6	9.0.0-beta6.x
electronjs / electron	9.0.0-beta7	9.0.0-beta7.x
electronjs / electron	9.0.0-beta8	9.0.0-beta8.x
electronjs / electron	9.0.0-beta9	9.0.0-beta9.x
electronjs / electron	9.0.0-beta10	9.0.0-beta10.x
electronjs / electron	9.0.0	9.0.0.x
electronjs / electron	8.0.0-beta2	8.0.0-beta2.x
electronjs / electron	8.0.0-beta3	8.0.0-beta3.x
electronjs / electron	8.0.0-beta4	8.0.0-beta4.x
electronjs / electron	8.0.0-beta5	8.0.0-beta5.x
electronjs / electron	8.0.0-beta6	8.0.0-beta6.x
electronjs / electron	8.0.0-beta7	8.0.0-beta7.x
electronjs / electron	8.0.0-beta8	8.0.0-beta8.x
electronjs / electron	8.0.0-beta9	8.0.0-beta9.x
electronjs / electron	8.0.0-beta0	8.0.0-beta0.x
electronjs / electron	8.0.0-beta1	8.0.0-beta1.x
electronjs / electron	10.0.0	10.0.0.x
electronjs / electron	10.0.1	10.0.1.x
electronjs / electron	10.1.0	10.1.0.x
electronjs / electron	10.1.1	10.1.1.x
electronjs / electron	10.0.0-beta21	10.0.0-beta21.x
electronjs / electron	10.0.0-beta22	10.0.0-beta22.x
electronjs / electron	10.0.0-beta23	10.0.0-beta23.x
electronjs / electron	10.0.0-beta24	10.0.0-beta24.x
electronjs / electron	10.0.0-beta25	10.0.0-beta25.x
electronjs / electron	10.0.0-beta1	10.0.0-beta1.x
electronjs / electron	10.0.0-beta10	10.0.0-beta10.x
electronjs / electron	10.0.0-beta11	10.0.0-beta11.x
electronjs / electron	10.0.0-beta12	10.0.0-beta12.x
electronjs / electron	10.0.0-beta13	10.0.0-beta13.x
electronjs / electron	10.0.0-beta14	10.0.0-beta14.x
electronjs / electron	10.0.0-beta15	10.0.0-beta15.x
electronjs / electron	10.0.0-beta16	10.0.0-beta16.x
electronjs / electron	10.0.0-beta17	10.0.0-beta17.x
electronjs / electron	10.0.0-beta18	10.0.0-beta18.x
electronjs / electron	10.0.0-beta19	10.0.0-beta19.x
electronjs / electron	10.0.0-beta2	10.0.0-beta2.x
electronjs / electron	10.0.0-beta20	10.0.0-beta20.x
electronjs / electron	10.0.0-beta3	10.0.0-beta3.x
electronjs / electron	10.0.0-beta4	10.0.0-beta4.x
electronjs / electron	10.0.0-beta5	10.0.0-beta5.x
electronjs / electron	10.0.0-beta6	10.0.0-beta6.x
electronjs / electron	10.0.0-beta7	10.0.0-beta7.x
electronjs / electron	10.0.0-beta8	10.0.0-beta8.x
electronjs / electron	10.0.0-beta9	10.0.0-beta9.x
electronjs / electron	9.0.1	9.0.1.x
electronjs / electron	9.0.2	9.0.2.x
electronjs / electron	9.0.3	9.0.3.x
electronjs / electron	9.0.4	9.0.4.x
electronjs / electron	9.0.5	9.0.5.x
electronjs / electron	9.0.6	9.0.6.x
electronjs / electron	9.1.0	9.1.0.x
electronjs / electron	9.1.1	9.1.1.x
electronjs / electron	9.1.2	9.1.2.x
electronjs / electron	9.2.0	9.2.0.x
electronjs / electron	9.2.1	9.2.1.x
electronjs / electron	9.3.0	9.3.0.x
electronjs / electron	9.0.0-beta0	9.0.0-beta0.x
electronjs / electron	8.0.0	8.0.0.x
electronjs / electron	8.0.1	8.0.1.x
electronjs / electron	8.0.2	8.0.2.x
electronjs / electron	8.0.3	8.0.3.x
electronjs / electron	8.1.0	8.1.0.x
electronjs / electron	8.1.1	8.1.1.x
electronjs / electron	8.2.0	8.2.0.x
electronjs / electron	8.2.1	8.2.1.x
electronjs / electron	8.2.2	8.2.2.x
electronjs / electron	8.2.3	8.2.3.x
electronjs / electron	8.2.4	8.2.4.x
electronjs / electron	8.2.5	8.2.5.x
electronjs / electron	8.3.0	8.3.0.x
electronjs / electron	8.3.1	8.3.1.x
electronjs / electron	8.3.2	8.3.2.x
electronjs / electron	8.3.3	8.3.3.x
electronjs / electron	8.3.4	8.3.4.x
electronjs / electron	8.4.0	8.4.0.x
electronjs / electron	8.4.1	8.4.1.x
electronjs / electron	8.5.0	8.5.0.x
electronjs / electron	8.5.1	8.5.1.x
electronjs / electron	11.0.0-beta0	11.0.0-beta0.x
electronjs / electron	11.0.0-beta1	11.0.0-beta1.x
electronjs / electron	11.0.0-beta2	11.0.0-beta2.x
electronjs / electron	11.0.0-beta3	11.0.0-beta3.x
electronjs / electron	11.0.0-beta4	11.0.0-beta4.x
electronjs / electron	11.0.0-beta5	11.0.0-beta5.x
electron	8.0.0-beta.0	8.5.2
electron	9.0.0-beta.0	9.3.1
electron	10.0.0-beta.0	10.1.2
electron	11.0.0-beta.0	11.0.0-beta.6

https://github.com/electron/electron/security/advisories/GHSA-56pc-6jqp-xqj8

Vulnerability Database

289,784

CVE-2020-15215