← Back

CVE-2020-26272

nvd nist
Published: Jan 28, 2021Modified: May 27, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: NVD

Description

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.

Affected (79)

Products: Electronjs: Electron
Electronjs
1 product
Electron
Configuration A
79 vulnerable
Vulnerable SoftwareAffected Versions
Electronjs
Electron
From 10.0.0 to 10.2.0
Electron
From 11.0.0 to 11.1.0
Electron
From 9.0.0 to 9.4.0
Electron
Version 10.0.0 beta10
Electron
Version 10.0.0 beta11
Electron
Version 10.0.0 beta12
Electron
Version 10.0.0 beta13
Electron
Version 10.0.0 beta14
Electron
Version 10.0.0 beta15
Electron
Version 10.0.0 beta17
Electron
Version 10.0.0 beta19
Electron
Version 10.0.0 beta1
Electron
Version 10.0.0 beta20
Electron
Version 10.0.0 beta21
Electron
Version 10.0.0 beta23
Electron
Version 10.0.0 beta24
Electron
Version 10.0.0 beta25
Electron
Version 10.0.0 beta2
Electron
Version 10.0.0 beta3
Electron
Version 10.0.0 beta4
Electron
Version 10.0.0 beta5
Electron
Version 10.0.0 beta6
Electron
Version 10.0.0 beta7
Electron
Version 10.0.0 beta8
Electron
Version 10.0.0 beta9
Electron
Version 11.0.0 beta10
Electron
Version 11.0.0 beta11
Electron
Version 11.0.0 beta12
Electron
Version 11.0.0 beta13
Electron
Version 11.0.0 beta14
Electron
Version 11.0.0 beta15
Electron
Version 11.0.0 beta16
Electron
Version 11.0.0 beta17
Electron
Version 11.0.0 beta18
Electron
Version 11.0.0 beta19
Electron
Version 11.0.0 beta1
Electron
Version 11.0.0 beta20
Electron
Version 11.0.0 beta21
Electron
Version 11.0.0 beta22
Electron
Version 11.0.0 beta23
Electron
Version 11.0.0 beta3
Electron
Version 11.0.0 beta4
Electron
Version 11.0.0 beta5
Electron
Version 11.0.0 beta6
Electron
Version 11.0.0 beta7
Electron
Version 11.0.0 beta8
Electron
Version 11.0.0 beta9
Electron
Version 12.0.0 beta1
Electron
Version 12.0.0 beta3
Electron
Version 12.0.0 beta4
Electron
Version 12.0.0 beta5
Electron
Version 12.0.0 beta6
Electron
Version 12.0.0 beta7
Electron
Version 12.0.0 beta8
Electron
Version 12.0.0 beta9
Electron
Version 9.0.0 beta10
Electron
Version 9.0.0 beta11
Electron
Version 9.0.0 beta12
Electron
Version 9.0.0 beta13
Electron
Version 9.0.0 beta14
Electron
Version 9.0.0 beta15
Electron
Version 9.0.0 beta16
Electron
Version 9.0.0 beta17
Electron
Version 9.0.0 beta18
Electron
Version 9.0.0 beta19
Electron
Version 9.0.0 beta1
Electron
Version 9.0.0 beta20
Electron
Version 9.0.0 beta21
Electron
Version 9.0.0 beta22
Electron
Version 9.0.0 beta23
Electron
Version 9.0.0 beta24
Electron
Version 9.0.0 beta2
Electron
Version 9.0.0 beta3
Electron
Version 9.0.0 beta4
Electron
Version 9.0.0 beta5
Electron
Version 9.0.0 beta6
Electron
Version 9.0.0 beta7
Electron
Version 9.0.0 beta8
Electron
Version 9.0.0 beta9

Related CWEs

CWE-668
Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (14)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.