An open API service providing security vulnerability metadata for many open source software ecosystems.


Context isolation bypass in Electron


Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.


There are no app-side workarounds; you must update your Electron version to be protected.

Fixed Versions

For more information

If you have any questions or comments about this advisory:

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 3 years ago
Updated: 11 months ago

CVSS Score: 5.6
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-56pc-6jqp-xqj8, CVE-2020-15215

Affected Packages

Versions: >= 11.0.0-beta.0, <= 11.0.0-beta.5; >= 10.0.0-beta.0, < 10.1.2; >= 9.0.0-beta.0, < 9.3.1; >= 8.0.0-beta.0, < 8.5.2
Fixed in: 11.0.0-beta.6, 10.1.2, 9.3.1, 8.5.2
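
The following is an added example, not part of the advisory or of Electron's code: a triage check that combines the version ranges above with the two option pairs the advisory names. The function names and the shape of the result object are assumptions, and `webPreferences` is assumed to be the options object the app passes to BrowserWindow with explicit boolean values.

```javascript
// Added example: exposure check for GHSA-56pc-6jqp-xqj8 (CVE-2020-15215),
// built only from the ranges and option pairs listed in this advisory.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { core: [+m[1], +m[2], +m[3]], pre: m[4] ? m[4].split('.') : null };
}

// Semver precedence: a release sorts above any of its own prereleases.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (!x.pre || !y.pre) return x.pre ? -1 : y.pre ? 1 : 0;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined) return -1; // shorter prerelease sorts first
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return +p < +q ? -1 : 1;
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort first
    return p < q ? -1 : 1;
  }
  return 0;
}

// Affected when min <= version < fixed. For 11.x, "< 11.0.0-beta.6" stands in
// for the advisory's "<= 11.0.0-beta.5".
const AFFECTED = [
  { min: '8.0.0-beta.0', fixed: '8.5.2' },
  { min: '9.0.0-beta.0', fixed: '9.3.1' },
  { min: '10.0.0-beta.0', fixed: '10.1.2' },
  { min: '11.0.0-beta.0', fixed: '11.0.0-beta.6' },
];

// webPreferences: the options object the app passes to BrowserWindow
// (assumed to carry explicit booleans; defaults are not modelled here).
function assess(version, webPreferences = {}) {
  const range = AFFECTED.find(r =>
    compareVersions(version, r.min) >= 0 && compareVersions(version, r.fixed) < 0);
  const wp = webPreferences;
  const combo = wp.contextIsolation === true &&
    (wp.sandbox === true || wp.nativeWindowOpen === true);
  return { inAffectedRange: Boolean(range), affected: Boolean(range && combo),
           upgradeTo: range ? range.fixed : null };
}
```

Because the advisory lists no app-side workaround, a result with `inAffectedRange` set is worth acting on even when `affected` is false for the current options.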