Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Impact
IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
If your app does ANY of the following, then it is impacted by this issue:
- Uses
remote - Calls
webContents.sendToFrame - Calls
event.replyin an IPC message handler
Patches
This has been fixed in the following versions:
- 9.4.0
- 10.2.0
- 11.1.0
- 12.0.0-beta.9
Workarounds
There are no workarounds for this issue.
For more information
If you have any questions or comments about this advisory, email us at [email protected].
Permalink: https://github.com/advisories/GHSA-hvf8-h2qh-37m9JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Identifiers: GHSA-hvf8-h2qh-37m9, CVE-2020-26272
References:
- https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
- https://github.com/electron/electron/pull/26875
- https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
- https://github.com/electron/electron/releases/tag/v9.4.0
- https://www.electronjs.org/releases/stable?version=9#9.4.0
- https://nvd.nist.gov/vuln/detail/CVE-2020-26272
- https://github.com/advisories/GHSA-hvf8-h2qh-37m9
Blast Radius: 26.8
Affected Packages
npm:electron
Dependent packages: 5,167Dependent repositories: 93,246
Downloads: 2,934,694 last month
Affected Version Ranges: >= 11.0.0, < 11.1.0, >= 10.0.0, < 10.2.0, < 9.4.0
Fixed in: 11.1.0, 10.2.0, 9.4.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.4.1, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.6.13, 1.6.14, 1.6.15, 1.6.16, 1.6.17, 1.6.18, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.8.8, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.1.11, 7.1.12, 7.1.13, 7.1.14, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.1.0, 8.1.1, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.3.0, 8.3.1, 8.3.2, 8.3.3, 8.3.4, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.1.0, 9.1.1, 9.1.2, 9.2.0, 9.2.1, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 10.0.0, 10.0.1, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.1.6, 10.1.7, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5
All unaffected versions: 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 11.1.0, 11.1.1, 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.3.0, 11.4.0, 11.4.1, 11.4.2, 11.4.3, 11.4.4, 11.4.5, 11.4.6, 11.4.7, 11.4.8, 11.4.9, 11.4.10, 11.4.11, 11.4.12, 11.5.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8, 12.0.9, 12.0.10, 12.0.11, 12.0.12, 12.0.13, 12.0.14, 12.0.15, 12.0.16, 12.0.17, 12.0.18, 12.1.0, 12.1.1, 12.1.2, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 13.0.0, 13.0.1, 13.1.0, 13.1.1, 13.1.2, 13.1.3, 13.1.4, 13.1.5, 13.1.6, 13.1.7, 13.1.8, 13.1.9, 13.2.0, 13.2.1, 13.2.2, 13.2.3, 13.3.0, 13.4.0, 13.5.0, 13.5.1, 13.5.2, 13.6.0, 13.6.1, 13.6.2, 13.6.3, 13.6.6, 13.6.7, 13.6.8, 13.6.9, 14.0.0, 14.0.1, 14.0.2, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.2.2, 14.2.3, 14.2.4, 14.2.5, 14.2.6, 14.2.7, 14.2.8, 14.2.9, 15.0.0, 15.1.0, 15.1.1, 15.1.2, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 15.3.5, 15.3.6, 15.3.7, 15.4.0, 15.4.1, 15.4.2, 15.5.0, 15.5.1, 15.5.2, 15.5.3, 15.5.4, 15.5.5, 15.5.6, 15.5.7, 16.0.0, 16.0.1, 16.0.2, 16.0.3, 16.0.4, 16.0.5, 16.0.6, 16.0.7, 16.0.8, 16.0.9, 16.0.10, 16.1.0, 16.1.1, 16.2.0, 16.2.1, 16.2.2, 16.2.3, 16.2.4, 16.2.5, 16.2.6, 16.2.7, 16.2.8, 17.0.0, 17.0.1, 17.1.0, 17.1.1, 17.1.2, 17.2.0, 17.3.0, 17.3.1, 17.4.0, 17.4.1, 17.4.2, 17.4.3, 17.4.4, 17.4.5, 17.4.6, 17.4.7, 17.4.8, 17.4.9, 17.4.10, 17.4.11, 18.0.0, 18.0.1, 18.0.2, 18.0.3, 18.0.4, 18.1.0, 18.2.0, 18.2.2, 18.2.3, 18.2.4, 18.3.0, 18.3.1, 18.3.2, 18.3.3, 18.3.4, 18.3.5, 18.3.6, 18.3.7, 18.3.8, 18.3.9, 18.3.11, 18.3.12, 18.3.13, 18.3.14, 18.3.15, 19.0.0, 19.0.1, 19.0.2, 19.0.3, 19.0.4, 19.0.5, 19.0.6, 19.0.7, 19.0.8, 19.0.9, 19.0.10, 19.0.11, 19.0.12, 19.0.13, 19.0.14, 19.0.15, 19.0.16, 19.0.17, 19.1.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 19.1.5, 19.1.6, 19.1.7, 19.1.8, 19.1.9, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.1.0, 20.1.1, 20.1.2, 20.1.3, 20.1.4, 20.2.0, 20.3.0, 20.3.1, 20.3.2, 20.3.3, 20.3.4, 20.3.5, 20.3.6, 20.3.7, 20.3.8, 20.3.9, 20.3.10, 20.3.11, 20.3.12, 21.0.0, 21.0.1, 21.1.0, 21.1.1, 21.2.0, 21.2.1, 21.2.2, 21.2.3, 21.3.0, 21.3.1, 21.3.3, 21.3.4, 21.3.5, 21.4.0, 21.4.1, 21.4.2, 21.4.3, 21.4.4, 22.0.0, 22.0.1, 22.0.2, 22.0.3, 22.1.0, 22.2.0, 22.2.1, 22.3.0, 22.3.1, 22.3.2, 22.3.3, 22.3.4, 22.3.5, 22.3.6, 22.3.7, 22.3.8, 22.3.9, 22.3.10, 22.3.11, 22.3.12, 22.3.13, 22.3.14, 22.3.15, 22.3.16, 22.3.17, 22.3.18, 22.3.21, 22.3.22, 22.3.23, 22.3.24, 22.3.25, 22.3.26, 22.3.27, 23.0.0, 23.1.0, 23.1.1, 23.1.2, 23.1.3, 23.1.4, 23.2.0, 23.2.1, 23.2.2, 23.2.3, 23.2.4, 23.3.0, 23.3.1, 23.3.2, 23.3.3, 23.3.4, 23.3.5, 23.3.6, 23.3.7, 23.3.8, 23.3.9, 23.3.10, 23.3.11, 23.3.12, 23.3.13, 24.0.0, 24.1.0, 24.1.1, 24.1.2, 24.1.3, 24.2.0, 24.3.0, 24.3.1, 24.4.0, 24.4.1, 24.5.0, 24.5.1, 24.6.0, 24.6.1, 24.6.2, 24.6.3, 24.6.4, 24.6.5, 24.7.0, 24.7.1, 24.8.0, 24.8.1, 24.8.2, 24.8.3, 24.8.4, 24.8.5, 24.8.6, 24.8.7, 24.8.8, 25.0.0, 25.0.1, 25.1.0, 25.1.1, 25.2.0, 25.3.0, 25.3.1, 25.3.2, 25.4.0, 25.5.0, 25.6.0, 25.7.0, 25.8.0, 25.8.1, 25.8.2, 25.8.3, 25.8.4, 25.9.0, 25.9.1, 25.9.2, 25.9.3, 25.9.4, 25.9.5, 25.9.6, 25.9.7, 25.9.8, 26.0.0, 26.1.0, 26.2.0, 26.2.1, 26.2.2, 26.2.3, 26.2.4, 26.3.0, 26.4.0, 26.4.1, 26.4.2, 26.4.3, 26.5.0, 26.6.0, 26.6.1, 26.6.2, 26.6.3, 26.6.4, 26.6.5, 26.6.6, 26.6.7, 26.6.8, 26.6.9, 26.6.10, 27.0.0, 27.0.1, 27.0.2, 27.0.3, 27.0.4, 27.1.0, 27.1.2, 27.1.3, 27.2.0, 27.2.1, 27.2.2, 27.2.3, 27.2.4, 27.3.0, 27.3.1, 27.3.2, 27.3.3, 27.3.4, 27.3.5, 27.3.6, 27.3.7, 27.3.8, 27.3.9, 27.3.10, 27.3.11, 28.0.0, 28.1.0, 28.1.1, 28.1.2, 28.1.3, 28.1.4, 28.2.0, 28.2.1, 28.2.2, 28.2.3, 28.2.4, 28.2.5, 28.2.6, 28.2.7, 28.2.8, 28.2.9, 28.2.10, 28.3.0, 28.3.1, 29.0.0, 29.0.1, 29.1.0, 29.1.1, 29.1.2, 29.1.3, 29.1.4, 29.1.5, 29.1.6, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 30.0.0, 30.0.1, 30.0.2