From 1eff58f451b3efd79ef84213dee2e79c35b6442d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 6 Oct 2020 19:01:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/15xxx/CVE-2020-15215.json | 2 +- 2020/25xxx/CVE-2020-25248.json | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/2020/15xxx/CVE-2020-15215.json b/2020/15xxx/CVE-2020-15215.json index e64c147f74a..b01353635b1 100644 --- a/2020/15xxx/CVE-2020-15215.json +++ b/2020/15xxx/CVE-2020-15215.json @@ -44,7 +44,7 @@ "description_data": [ { "lang": "eng", - "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected.\n\nThis is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions." + "value": "Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions." } ] }, diff --git a/2020/25xxx/CVE-2020-25248.json b/2020/25xxx/CVE-2020-25248.json index 60b960311bb..cb4cc957e9d 100644 --- a/2020/25xxx/CVE-2020-25248.json +++ b/2020/25xxx/CVE-2020-25248.json @@ -56,6 +56,11 @@ "url": "https://seclists.org/fulldisclosure/2020/Sep/21", "refsource": "MISC", "name": "https://seclists.org/fulldisclosure/2020/Sep/21" + }, + { + "refsource": "FULLDISC", + "name": "20201006 Re: Navy Federal Reflective Cross Site Scripting (XSS)", + "url": "http://seclists.org/fulldisclosure/2020/Oct/9" } ] }