diff --git a/2020/15xxx/CVE-2020-15096.json b/2020/15xxx/CVE-2020-15096.json index 5d8a999d841..6b1edf87e96 100644 --- a/2020/15xxx/CVE-2020-15096.json +++ b/2020/15xxx/CVE-2020-15096.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using \"contextIsolation\" are affected.\n\nThere are no app-side workarounds, you must update your Electron version to be protected.\n\nThis is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21." + "value": "In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using \"contextIsolation\" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21." } ] }, @@ -78,15 +78,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg", - "refsource": "CONFIRM", - "url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg" - }, { "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824", "refsource": "MISC", "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824" + }, + { + "name": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/security/advisories/GHSA-6vrv-94jv-crrg" } ] }, diff --git a/2020/4xxx/CVE-2020-4075.json b/2020/4xxx/CVE-2020-4075.json index 490f8c17fa0..55a24a94526 100644 --- a/2020/4xxx/CVE-2020-4075.json +++ b/2020/4xxx/CVE-2020-4075.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open.\n\nAs a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." + "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." } ] }, @@ -75,15 +75,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm", - "refsource": "CONFIRM", - "url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm" - }, { "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824", "refsource": "MISC", "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824" + }, + { + "name": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm" } ] }, diff --git a/2020/4xxx/CVE-2020-4076.json b/2020/4xxx/CVE-2020-4076.json index dfacbba32de..92721261b3d 100644 --- a/2020/4xxx/CVE-2020-4076.json +++ b/2020/4xxx/CVE-2020-4076.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using contextIsolation are affected.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." + "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." } ] }, @@ -75,15 +75,15 @@ }, "references": { "reference_data": [ - { - "name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79", - "refsource": "CONFIRM", - "url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79" - }, { "name": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824", "refsource": "MISC", "url": "https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824" + }, + { + "name": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79", + "refsource": "CONFIRM", + "url": "https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79" } ] }, diff --git a/2020/4xxx/CVE-2020-4077.json b/2020/4xxx/CVE-2020-4077.json index 3d657636314..c988c213bd5 100644 --- a/2020/4xxx/CVE-2020-4077.json +++ b/2020/4xxx/CVE-2020-4077.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.\n\nApps using both `contextIsolation` and `contextBridge` are affected.\n\nThis is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." + "value": "In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4." } ] },