CVE-2023-23623 — Vulnetix

CVE-2023-23623 PUBLISHED CVSS 7.5 HIGH

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

EPSS 0.63% · 70.6th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.63%

70.6th percentile

Affected Products

Vendor	Product	Versions
electron	electron	>= 23.0.0-alpha.1, < 23.0.0-alpha.2, >= 22.0.0-beta.1, < 22.0.1, >= 22.0.0-beta.1, < 22.0.1
npm	electron	23.0.0-alpha.1, 22.0.0-beta.1, 23.0.0-alpha.1
atom	electron	22.0.0_beta.1, 23.0.0_alpha.1, 22.0.0_beta.1
electronjs	electron	22.0.0, 22.0.0, 22.0.0

Exploit Intelligence

https://github.com/electron/electron/security/advisories/GHSA-gxh7-wv9q-fwfr (circl)

Timeline

Sep 6, 2023 CVE Published
Sep 7, 2023 EPSS Score
Sep 11, 2023 CVE Updated
Oct 10, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 14, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Feb 17, 2024 EPSS Score
Mar 21, 2024 EPSS Score
Apr 22, 2024 EPSS Score
May 25, 2024 EPSS Score
Jun 27, 2024 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›