Home

Awesome

CVE-2018-15685 - Electron WebPreferences Remote Code Execution

This is a minimal Electron application with a POC for CVE-2018-15685.

A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). This vulnerability has been assigned the CVE identifier CVE-2018-15685.

For more information see my full write up on the Contrast Security blog or the write up on the offical blog from Electron

The project contains the fillowing files:

You can learn more about each of these components within the Quick Start Guide.

To Use

To clone and run this repository you'll need Git and Node.js (which comes with npm) installed on your computer. From your command line:

# Clone this repository
git clone https://github.com/matt-/CVE-2018-15685
# Go into the repository
cd CVE-2018-15685
# Install dependencies
npm install
# Run the app
npm start