Lucene search
K

4 matches found

Circl
Circl
added 2021/01/28 10:39 p.m.7 views

CVE-2020-26272

creationtimestamp| type| source ---|---|--- 2021-01-28 22:39:10+00:00| seen| https://t.me/cibsecurity/22805...

6.5CVSS6.3AI score0.01773EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/01/28 7:11 p.m.7 views

0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +3128 more potentially affected by CVE-2020-26272 via electron (>=0.1.2 <=9.3.5)

electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.1, =0.0.10, =1.0.2, =1.1.11, =0.1.0, =0.1.0, =0.12.0 and more Source cves: CVE-2020-26272 Source advisory: OSV:GHSA-HVF8-H2QH-37M9...

6.5CVSS6.5AI score0.01773EPSS
Exploits0
CVE
CVE
added 2021/01/28 6:25 p.m.53 views

CVE-2020-26272

CVE-2020-26272 (Electron IPC frame routing) : In Electron, IPC messages sent from the main process to a subframe in the renderer process (via webContents.sendToFrame , or in handlers using event.reply or the remote module) can be delivered to the wrong frame in versions before fixed releases. Aff...

6.5CVSS5.8AI score0.01773EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2021/01/28 6:25 p.m.21 views

CVE-2020-26272 Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

5.4CVSS6.4AI score0.01773EPSS
Exploits0References9
Rows per page
Query Builder