Lucene search
GoogleOSV:CVE-2020-4075HistoryJul 07, 2020 - 12:15 a.m.
CVE-2020-4075
2020-07-0700:15:10
Google
osv.dev
4
EPSS
0.002
Percentile
55.1%
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Related
prion
prion
Design/Logic Flaw
2020-07-07 00:15:00
cve
cve
CVE-2020-4075
2020-07-07 00:15:10
nvd
nvd
CVE-2020-4075
2020-07-07 00:15:10
cvelist
cvelist
CVE-2020-4075 Arbitrary file read via window-open IPC in Electron
2020-07-07 00:05:28
veracode
veracode
Arbitrary File Read
2020-07-08 06:02:16
github
github
Arbitrary file read via window-open IPC in Electron
2020-07-07 00:01:13
osv
osv
Arbitrary file read via window-open IPC in Electron
2020-07-07 00:01:13