{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.0.0-beta6" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.7.15" }, { "introduced": "0" }, { "last_affected": "1.8.7" }, { "introduced": "0" }, { "last_affected": "2.0.7" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "9c466846edb243dc56899e62d04b0af46d88dc77" }, { "introduced": "0" }, { "last_affected": "e15e15217723e48f915034b65b6a58968ba354aa" }, { "introduced": "0" }, { "last_affected": "5f372f7ecccffb11ba76bcebe4f6b233d7548388" } ], "repo": "https://github.com/electron/electron", "type": "GIT" } ] } ], "details": "GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and \"nativeWindowOpen: true\" or \"sandbox: true\" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.", "id": "CVE-2018-15685", "modified": "2026-03-13T21:47:52.216872149Z", "published": "2018-08-23T05:29:00.227Z", "references": [ { "type": "ADVISORY", "url": "https://electronjs.org/blog/web-preferences-fix" }, { "type": "EVIDENCE", "url": "https://www.exploit-db.com/exploits/45272/" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }