admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-06 19:01:49 +00:00
parent 2f6d171959
commit 1eff58f451
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2020/15xxx/CVE-2020-15215.json
View File

@ -44,7 +44,7 @@
"description_data": [
{
"lang": "eng",
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected.\n\nThis is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
"value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions."
}
]
},

5
2020/25xxx/CVE-2020-25248.json
View File

@ -56,6 +56,11 @@
"url": "https://seclists.org/fulldisclosure/2020/Sep/21",
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2020/Sep/21"
},
{
"refsource": "FULLDISC",
"name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)",
"url": "http://seclists.org/fulldisclosure/2020/Oct/9"
}
]
}