electron is vulnerable to information disclosure. The vulnerability exists as ther Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame
, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
github.com/advisories/GHSA-hvf8-h2qh-37m9
github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
github.com/electron/electron/pull/26875
github.com/electron/electron/releases/tag/v9.4.0
github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
www.electronjs.org/releases/stable?version=9#9.4.0
www.npmjs.com/advisories/1615