2 matches found
CVE-2020-4075
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling event.preventDefault on all new-window events where the url or options is not...
CVE-2020-4075
Summary: CVE-2020-4075 affects Electron before 7.2.4, 8.2.4, and 9.0.0-beta21, allowing arbitrary local file read by defining unsafe window options on a child window opened with window.open. Root cause: unsafe window options on child windows. Impact: local file read via manipulated window options...