VDB
EN
MEDIUM 5.6

GHSA-56pc-6jqp-xqj8

Context isolation bypass in Electron

상세

### Impact Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nativeWindowOpen: true` are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

### Workarounds There are no app-side workarounds, you must update your Electron version to be protected.

### Fixed Versions * `11.0.0-beta.6` * `10.1.2` * `9.3.1` * `8.5.2`

### For more information If you have any questions or comments about this advisory: * Email us at [security@electronjs.org](mailto:security@electronjs.org)

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / electron
최초 영향 버전: 8.0.0-beta.0 수정 버전: 8.5.2
수정 npm install electron@8.5.2
npm / electron
최초 영향 버전: 9.0.0-beta.0 수정 버전: 9.3.1
수정 npm install electron@9.3.1
npm / electron
최초 영향 버전: 10.0.0-beta.0 수정 버전: 10.1.2
수정 npm install electron@10.1.2
npm / electron
최초 영향 버전: 11.0.0-beta.0 수정 버전: 11.0.0-beta.6
수정 npm install electron@11.0.0-beta.6

참고