CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS
Percentile: 55.1%

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

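One way to apply the workaround above, as an added example that is not Electron's or the advisory's own code: a `new-window` handler that calls `event.preventDefault()` unless both the URL and the window options are expected. The allow-listed origin and the set of `webPreferences` values treated as unexpected are assumptions for illustration; the advisory does not enumerate them.

```javascript
'use strict';
// Added example: allow-list guard for Electron's 'new-window' event.
// ALLOWED_ORIGINS and UNSAFE_PREFS are assumptions chosen for illustration.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // hypothetical origin

// webPreferences values treated as unexpected on a child window (assumed list).
const UNSAFE_PREFS = {
  nodeIntegration: true,
  webviewTag: true,
  webSecurity: false,
  allowRunningInsecureContent: true,
};

// A URL is expected only if it parses, is https, and its origin is allow-listed.
function isExpectedUrl(url) {
  try {
    const parsed = new URL(url);
    return parsed.protocol === 'https:' && ALLOWED_ORIGINS.has(parsed.origin);
  } catch (err) {
    return false; // unparsable input is never expected
  }
}

// Names of webPreferences keys in `options` that carry an unexpected value.
function unexpectedPrefs(options) {
  const prefs = (options && options.webPreferences) || {};
  return Object.keys(UNSAFE_PREFS).filter((k) => prefs[k] === UNSAFE_PREFS[k]);
}

// Handler using the 'new-window' argument order; returns the reasons it blocked.
function guardNewWindow(event, url, frameName, disposition, options) {
  const reasons = [];
  if (!isExpectedUrl(url)) reasons.push('url');
  for (const key of unexpectedPrefs(options)) reasons.push('webPreferences.' + key);
  if (reasons.length > 0) event.preventDefault();
  return reasons;
}

// Main-process wiring (needs Electron, so shown as a comment):
// app.on('web-contents-created', (_e, contents) => {
//   contents.on('new-window', guardNewWindow);
// });
```

Logging the returned reasons before discarding them gives a record of which child-window requests were refused and why.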
Vendor | Product | Version | CPE |
---|---|---|---|
electronjs | electron | * | cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:* |
electronjs | electron | 9.0.0 | cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:* |