Description
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
References
- Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 0.8.9 (exclusive)
cpe:2.3:a:beakerbrowser:beaker:*:*:*:*:*:*:*:*
EPSS
Percentile: 69%
0.00597
Low
CVSS3: 10 Critical
CVSS2: 7.5 High
Weaknesses
CWE-1321
Related vulnerabilities
CVSS3: 10
github
more than 3 years ago
Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.