Vulnerability Details CVE-2018-15685
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.133
EPSS Ranking 93.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
Products affected by CVE-2018-15685
-
cpe:2.3:a:electronjs:electron:1.7.15
-
cpe:2.3:a:electronjs:electron:1.8.7
-
cpe:2.3:a:electronjs:electron:2.0.7
-
cpe:2.3:a:electronjs:electron:3.0.0