4 matches found
CVE-2020-26272
creationtimestamp| type| source ---|---|--- 2021-01-28 22:39:10+00:00| seen| https://t.me/cibsecurity/22805...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +3128 more potentially affected by CVE-2020-26272 via electron (>=0.1.2 <=9.3.5)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =0.1.0, =0.12.0 and more Source cves: CVE-2020-26272 Source advisory: OSV:GHSA-HVF8-H2QH-37M9...
CVE-2020-26272
CVE-2020-26272 (Electron IPC frame routing) : In Electron, IPC messages sent from the main process to a subframe in the renderer process (via webContents.sendToFrame , or in handlers using event.reply or the remote module) can be delivered to the wrong frame in versions before fixed releases. Aff...
CVE-2020-26272 Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs
The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...