admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-07-07 01:01:33 +00:00
parent 08f946e452
commit 15d0edc77f
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2020/15xxx/CVE-2020-15096.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using \"contextIsolation\" are affected.\n\nThere are no app-side workarounds, you must update your Electron version to be protected.\n\nThis is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
"value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21."
}
]
},
@ -78,15 +78,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
},
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg"
}
]
},

12
2020/4xxx/CVE-2020-4075.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open.\n\nAs a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},
@ -75,15 +75,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
},
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm"
}
]
},

12
2020/4xxx/CVE-2020-4076.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using contextIsolation are affected.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},
@ -75,15 +75,15 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
},
{
"name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824",
"refsource": "MISC",
"url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"
},
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79",
"refsource": "CONFIRM",
"url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"
}
]
},

2
2020/4xxx/CVE-2020-4077.json
View File

@ -41,7 +41,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using both `contextIsolation` and `contextBridge` are affected.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
"value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."
}
]
},