CVE-2020-15174
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-15174
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15174.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-15174
- Aliases
- Related
- Published
- 2020-10-06T18:15:14Z
- Modified
- 2025-09-19T12:05:39.843557Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the
will-navigateevent that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites. The issue is patched in versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 As a workaround sandbox all your iframes using the sandbox attribute. This will prevent them creating top-frame navigations and is good practice anyway. - References
Affected packages
Git / github.com/electron/electron
Affected ranges
- Type
- GIT
- Repo
- https://github.com/electron/electron
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.11.0
v0.11.1
v0.11.10
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.15.6
v0.15.7
v0.15.8
v0.15.9
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.19.4
v0.19.5
v0.2.0
v0.2.1
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.20.5
v0.20.6
v0.20.7
v0.20.8
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.23.0
v0.24.0
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.26.0
v0.26.1
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.28.0
v0.28.1
v0.28.2
v0.28.3
v0.29.0
v0.29.1
v0.29.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.30.0
v0.30.1
v0.30.2
v0.30.3
v0.30.4
v0.30.5
v0.31.0
v0.31.1
v0.31.2
v0.32.0
v0.32.1
v0.32.2
v0.32.3
v0.33.0
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.5
v0.33.6
v0.33.7
v0.33.8
v0.33.9
v0.34.0
v0.34.1
v0.34.2
v0.34.3
v0.35.0
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.36.0
v0.36.1
v0.36.10
v0.36.11
v0.36.2
v0.36.3
v0.36.4
v0.36.5
v0.36.6
v0.36.7
v0.36.8
v0.36.9
v0.37.0
v0.37.1
v0.37.2
v0.37.3
v0.37.4
v0.37.5
v0.37.6
v0.37.7
v0.37.8
v0.4.0
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.8.0
v1.8.1
v1.8.2-beta.1
v1.8.2-beta.2
v1.8.2-beta.3
v10.*
v10.0.0
v10.0.0-beta.1
v10.0.0-beta.10
v10.0.0-beta.11
v10.0.0-beta.12
v10.0.0-beta.13
v10.0.0-beta.14
v10.0.0-beta.15
v10.0.0-beta.17
v10.0.0-beta.19
v10.0.0-beta.2
v10.0.0-beta.20
v10.0.0-beta.21
v10.0.0-beta.23
v10.0.0-beta.24
v10.0.0-beta.25
v10.0.0-beta.3
v10.0.0-beta.4
v10.0.0-beta.5
v10.0.0-beta.6
v10.0.0-beta.7
v10.0.0-beta.8
v10.0.0-beta.9
v10.0.0-nightly.20200206
v10.0.0-nightly.20200207
v10.0.0-nightly.20200208
v10.0.0-nightly.20200209
v10.0.0-nightly.20200210
v10.0.0-nightly.20200211
v10.0.0-nightly.20200212
v10.0.0-nightly.20200213
v10.0.0-nightly.20200215
v10.0.0-nightly.20200216
v10.0.0-nightly.20200217
v10.0.0-nightly.20200218
v10.0.0-nightly.20200220
v10.0.0-nightly.20200221
v10.0.0-nightly.20200222
v10.0.0-nightly.20200223
v10.0.0-nightly.20200225
v10.0.0-nightly.20200226
v10.0.0-nightly.20200302
v10.0.0-nightly.20200303
v10.0.0-nightly.20200304
v10.0.0-nightly.20200305
v10.0.0-nightly.20200306
v10.0.0-nightly.20200309
v10.0.0-nightly.20200310
v10.0.0-nightly.20200311
v10.0.0-nightly.20200312
v10.0.0-nightly.20200313
v10.0.0-nightly.20200316
v10.0.0-nightly.20200317
v10.0.0-nightly.20200318
v10.0.0-nightly.20200320
v10.0.0-nightly.20200323
v10.0.0-nightly.20200324
v10.0.0-nightly.20200325
v10.0.0-nightly.20200326
v10.0.0-nightly.20200327
v10.0.0-nightly.20200330
v10.0.0-nightly.20200331
v10.0.0-nightly.20200401
v10.0.0-nightly.20200402
v10.0.0-nightly.20200403
v10.0.0-nightly.20200406
v10.0.0-nightly.20200407
v10.0.0-nightly.20200408
v10.0.0-nightly.20200409
v10.0.0-nightly.20200410
v10.0.0-nightly.20200413
v10.0.0-nightly.20200414
v10.0.0-nightly.20200415
v10.0.0-nightly.20200416
v10.0.0-nightly.20200417
v10.0.0-nightly.20200420
v10.0.0-nightly.20200422
v10.0.0-nightly.20200423
v10.0.0-nightly.20200427
v10.0.0-nightly.20200428
v10.0.0-nightly.20200429
v10.0.0-nightly.20200430
v10.0.0-nightly.20200501
v10.0.0-nightly.20200504
v10.0.0-nightly.20200505
v10.0.0-nightly.20200506
v10.0.0-nightly.20200507
v10.0.0-nightly.20200508
v10.0.0-nightly.20200511
v10.0.0-nightly.20200512
v10.0.0-nightly.20200513
v10.0.0-nightly.20200514
v10.0.0-nightly.20200515
v10.0.0-nightly.20200518
v10.0.0-nightly.20200519
v10.0.0-nightly.20200520
v10.0.0-nightly.20200521
v4.*
v4.0.0-nightly.20180816
v4.0.0-nightly.20180817
v4.0.0-nightly.20180819
v4.0.0-nightly.20180821
v4.0.0-nightly.20180823
v4.0.0-nightly.20180905
v4.0.0-nightly.20180929
v4.0.0-nightly.20181006
v4.0.0-nightly.20181010
v5.*
v5.0.0-nightly.20190107
v5.0.0-nightly.20190121
v5.0.0-nightly.20190122
v6.*
v6.0.0-nightly.20190123
v6.0.0-nightly.20190212
v6.0.0-nightly.20190213
v6.0.0-nightly.20190227
v6.0.0-nightly.20190308
v6.0.0-nightly.20190311
v6.0.0-nightly.20190404
v7.*
v7.0.0-nightly.20190521
v7.0.0-nightly.20190529
v7.0.0-nightly.20190530
v7.0.0-nightly.20190531
v7.0.0-nightly.20190601
v7.0.0-nightly.20190602
v7.0.0-nightly.20190603
v7.0.0-nightly.20190604
v7.0.0-nightly.20190605
v7.0.0-nightly.20190606
v7.0.0-nightly.20190607
v7.0.0-nightly.20190608
v7.0.0-nightly.20190609
v7.0.0-nightly.20190610
v7.0.0-nightly.20190611
v7.0.0-nightly.20190612
v7.0.0-nightly.20190613
v7.0.0-nightly.20190614
v7.0.0-nightly.20190615
v7.0.0-nightly.20190616
v7.0.0-nightly.20190618
v7.0.0-nightly.20190619
v7.0.0-nightly.20190620
v7.0.0-nightly.20190621
v7.0.0-nightly.20190622
v7.0.0-nightly.20190623
v7.0.0-nightly.20190624
v7.0.0-nightly.20190625
v7.0.0-nightly.20190626
v7.0.0-nightly.20190627
v7.0.0-nightly.20190629
v7.0.0-nightly.20190630
v7.0.0-nightly.20190701
v7.0.0-nightly.20190702
v7.0.0-nightly.20190703
v7.0.0-nightly.20190704
v7.0.0-nightly.20190718
v7.0.0-nightly.20190719
v7.0.0-nightly.20190720
v7.0.0-nightly.20190721
v7.0.0-nightly.20190722
v7.0.0-nightly.20190723
v7.0.0-nightly.20190724
v7.0.0-nightly.20190725
v7.0.0-nightly.20190726
v7.0.0-nightly.20190727
v7.0.0-nightly.20190728
v7.0.0-nightly.20190729
v7.0.0-nightly.20190730
v7.0.0-nightly.20190731
v8.*
v8.0.0-nightly.20190801
v8.0.0-nightly.20190802
v8.0.0-nightly.20190803
v8.0.0-nightly.20190804
v8.0.0-nightly.20190805
v8.0.0-nightly.20190806
v8.0.0-nightly.20190807
v8.0.0-nightly.20190808
v8.0.0-nightly.20190809
v8.0.0-nightly.20190810
v8.0.0-nightly.20190811
v8.0.0-nightly.20190812
v8.0.0-nightly.20190813
v8.0.0-nightly.20190814
v8.0.0-nightly.20190815
v8.0.0-nightly.20190816
v8.0.0-nightly.20190817
v8.0.0-nightly.20190818
v8.0.0-nightly.20190819
v8.0.0-nightly.20190820
v8.0.0-nightly.20190821
v8.0.0-nightly.20190822
v8.0.0-nightly.20190823
v8.0.0-nightly.20190824
v8.0.0-nightly.20190825
v8.0.0-nightly.20190826
v8.0.0-nightly.20190827
v8.0.0-nightly.20190828
v8.0.0-nightly.20190829
v8.0.0-nightly.20190830
v8.0.0-nightly.20190901
v8.0.0-nightly.20190902
v8.0.0-nightly.20190903
v8.0.0-nightly.20190904
v8.0.0-nightly.20190905
v8.0.0-nightly.20190906
v8.0.0-nightly.20190907
v8.0.0-nightly.20190908
v8.0.0-nightly.20190909
v8.0.0-nightly.20190910
v8.0.0-nightly.20190911
v8.0.0-nightly.20190912
v8.0.0-nightly.20190913
v8.0.0-nightly.20190914
v8.0.0-nightly.20190915
v8.0.0-nightly.20190917
v8.0.0-nightly.20190918
v8.0.0-nightly.20190919
v8.0.0-nightly.20190920
v8.0.0-nightly.20190921
v8.0.0-nightly.20190922
v8.0.0-nightly.20190923
v8.0.0-nightly.20190924
v8.0.0-nightly.20190926
v8.0.0-nightly.20190927
v8.0.0-nightly.20190928
v8.0.0-nightly.20190929
v8.0.0-nightly.20190930
v8.0.0-nightly.20191001
v8.0.0-nightly.20191002
v8.0.0-nightly.20191003
v8.0.0-nightly.20191004
v8.0.0-nightly.20191005
v8.0.0-nightly.20191006
v8.0.0-nightly.20191007
v8.0.0-nightly.20191008
v8.0.0-nightly.20191009
v8.0.0-nightly.20191010
v8.0.0-nightly.20191011
v8.0.0-nightly.20191012
v8.0.0-nightly.20191013
v8.0.0-nightly.20191014
v8.0.0-nightly.20191015
v8.0.0-nightly.20191016
v8.0.0-nightly.20191017
v8.0.0-nightly.20191018
v8.0.0-nightly.20191019
v8.0.0-nightly.20191020
v8.0.0-nightly.20191021
v8.0.0-nightly.20191022
v8.0.0-nightly.20191023
v8.0.0-nightly.20191024
v8.0.0-nightly.20191025
v8.0.0-nightly.20191026
v8.0.0-nightly.20191027
v8.0.0-nightly.20191028
v8.0.0-nightly.20191029
v8.0.0-nightly.20191030
v8.0.0-nightly.20191031
v8.0.0-nightly.20191101
v8.0.0-nightly.20191102
v8.0.0-nightly.20191103
v8.0.0-nightly.20191104
v8.0.0-nightly.20191105
v8.0.0-nightly.20191106
v8.0.0-nightly.20191107
v8.0.0-nightly.20191108
v8.0.0-nightly.20191109
v8.0.0-nightly.20191110
v8.0.0-nightly.20191111
v8.0.0-nightly.20191112
v9.*
v9.0.0-nightly.20191113
v9.0.0-nightly.20191114
v9.0.0-nightly.20191115
v9.0.0-nightly.20191116
v9.0.0-nightly.20191117
v9.0.0-nightly.20191118
v9.0.0-nightly.20191119
v9.0.0-nightly.20191121
v9.0.0-nightly.20191122
v9.0.0-nightly.20191123
v9.0.0-nightly.20191124
v9.0.0-nightly.20191125
v9.0.0-nightly.20191126
v9.0.0-nightly.20191127
v9.0.0-nightly.20191128
v9.0.0-nightly.20191129
v9.0.0-nightly.20191130
v9.0.0-nightly.20191201
v9.0.0-nightly.20191202
v9.0.0-nightly.20191203
v9.0.0-nightly.20191204
v9.0.0-nightly.20191205
v9.0.0-nightly.20191206
v9.0.0-nightly.20191207
v9.0.0-nightly.20191208
v9.0.0-nightly.20191209
v9.0.0-nightly.20191210
v9.0.0-nightly.20191211
v9.0.0-nightly.20191212
v9.0.0-nightly.20191215
v9.0.0-nightly.20191216
v9.0.0-nightly.20191217
v9.0.0-nightly.20191218
v9.0.0-nightly.20191219
v9.0.0-nightly.20191220
v9.0.0-nightly.20191221
v9.0.0-nightly.20191222
v9.0.0-nightly.20191223
v9.0.0-nightly.20191224
v9.0.0-nightly.20191225
v9.0.0-nightly.20191226
v9.0.0-nightly.20191228
v9.0.0-nightly.20191229
v9.0.0-nightly.20191230
v9.0.0-nightly.20191231
v9.0.0-nightly.20200101
v9.0.0-nightly.20200102
v9.0.0-nightly.20200103
v9.0.0-nightly.20200104
v9.0.0-nightly.20200105
v9.0.0-nightly.20200106
v9.0.0-nightly.20200108
v9.0.0-nightly.20200109
v9.0.0-nightly.20200110
v9.0.0-nightly.20200111
v9.0.0-nightly.20200113
v9.0.0-nightly.20200114
v9.0.0-nightly.20200115
v9.0.0-nightly.20200116
v9.0.0-nightly.20200117
v9.0.0-nightly.20200118
v9.0.0-nightly.20200119
v9.0.0-nightly.20200121
v9.0.0-nightly.20200123
v9.0.0-nightly.20200124
v9.0.0-nightly.20200125
v9.0.0-nightly.20200126
v9.0.0-nightly.20200127
v9.0.0-nightly.20200128
v9.0.0-nightly.20200129
v9.0.0-nightly.20200130
v9.0.0-nightly.20200131
v9.0.0-nightly.20200201
v9.0.0-nightly.20200202
v9.0.0-nightly.20200203
v9.0.0-nightly.20200204
v9.0.0-nightly.20200205
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2020-15174-03ae97a3",
"digest": {
"length": 458.0,
"function_hash": "199102409340917251199271695657280783075"
},
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "shell/browser/api/electron_api_web_contents.cc",
"function": "WebContents::OpenURLFromTab"
},
"signature_version": "v1",
"source": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
},
{
"id": "CVE-2020-15174-2e06a103",
"digest": {
"line_hashes": [
"18876523215243715297215661159503178326",
"105122872310601477653131098437781229927",
"176231553178074587801000684218715842294",
"167506055793440953346741244502466215576",
"255993982251929902972200033026413580857"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "shell/browser/api/electron_api_web_contents.cc"
},
"signature_version": "v1",
"source": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
},
{
"id": "CVE-2020-15174-6aef6df8",
"digest": {
"line_hashes": [
"18493730393850289687302545064610393440",
"147977453749043512498612488010979206449",
"308911388708264872865473406063814037530"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "shell/browser/electron_navigation_throttle.h"
},
"signature_version": "v1",
"source": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
},
{
"id": "CVE-2020-15174-8f3204c3",
"digest": {
"line_hashes": [
"1695771876731390988285255923745959558",
"321385116936480687537501712091518721339",
"207554722948287550673032156114503070072"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "shell/browser/electron_navigation_throttle.cc"
},
"signature_version": "v1",
"source": "https://github.com/electron/electron/commit/18613925610ba319da7f497b6deed85ad712c59b"
}
]
}