Lucene search
Veracode Vulnerability DatabaseVERACODE:29176HistoryJan 29, 2021 - 3:14 a.m.
Information Disclosure
2021-01-2903:14:58
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
348
electron
vulnerability
ipc
messages
delivery
software security
EPSS
0.001
Percentile
42.0%
electron is vulnerable to information disclosure. The vulnerability exists as ther Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
References
github.com/advisories/GHSA-hvf8-h2qh-37m9
github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
github.com/electron/electron/pull/26875
github.com/electron/electron/releases/tag/v9.4.0
github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
www.electronjs.org/releases/stable?version=9#9.4.0
www.npmjs.com/advisories/1615
Related
nodejs
nodejs
IPC messages delivered to the wrong frame
2021-02-22 21:59:51
prion
prion
Design/Logic Flaw
2021-01-28 19:15:00
cvelist
cvelist
CVE-2020-26272 IPC messages misrouted in Electron
2021-01-28 18:25:17
nvd
nvd
CVE-2020-26272
2021-01-28 19:15:13
github
github
IPC messages delivered to the wrong frame in Electron
2021-01-28 19:11:34
cve
cve
CVE-2020-26272
2021-01-28 19:15:13
osv
osv
CVE-2020-26272
2021-01-28 19:15:13
IPC messages delivered to the wrong frame in Electron
2021-01-28 19:11:34