CVE-2020-26272

Published Jan 28, 2021
Last updated 4 years ago
CVSS medium 6.5
Overview

Description: The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.
Source: security-advisories@github.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses

security-advisories@github.com: CWE-668
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD8DEA8B-C7B1-4255-8EB4-60EF9660CB6C",
            "versionEndExcluding": "9.4.0",
            "versionStartIncluding": "9.0.0"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FDE1D62-9F3E-41E3-8C5D-C5A200A280A4",
            "versionEndExcluding": "10.2.0",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01855BDD-98F7-4577-AA6D-B1776EAF9AA5",
            "versionEndExcluding": "11.1.0",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8453EF9-E063-4398-A637-E70AEA0FC4D5"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3FFBA70C-CEBE-425D-ABF7-4FF070BE1DCD"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A66951CF-8088-4A74-9E40-1145B3695C0E"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4A7E569-0B63-4458-93A9-DC1BF3F708C3"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA231DB9-14E3-4BF4-88B6-3AE122993CC6"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3101022-9B4D-4ABC-8D9A-1B8C74265567"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB419AE9-5DFA-41D9-AB2C-C3CF18F1F08A"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A9223E-5B13-4A02-B16D-B6C7612745A3"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD90D1EB-DE25-4333-9029-CA8908271264"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DED187D-2AE5-491C-94DE-5C44616DFE12"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta16:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "980768C9-026E-4E03-AFE9-17C53B94D8FD"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta17:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75049DEC-3563-47AA-9D2A-90C4879D2B03"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta18:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5643422-9C2C-4493-A9F1-370945A817C5"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta19:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3108EE52-D993-4CDC-9BD3-2C206F49F61D"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta20:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B194A32-4E7C-49E8-8C01-929FA26F7DF9"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta21:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E07C2F2-1219-45BD-89B6-FB41D4A418F3"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta22:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E44904CE-4107-44E0-8EEC-212B2F5CE561"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta23:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E88A6487-3293-4C46-BE5E-03BA641E0238"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A50A9FEF-50D9-4A6E-A232-6F652D606A8D"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB9F6591-69DB-4777-9BB8-80E2EB7692BB"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4948E6E-916D-48BE-B238-95936BED449B"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6CCA15C-7957-4220-A3AB-085D503FF0C6"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FA70916-C875-466C-8FDE-21E2464E6780"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EDDB343-462D-4459-8F91-AF746399017D"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A030AF7-8CEB-4C9B-AF89-08B30510813E"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F63EB74-D040-4965-8987-6550559A9A31"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66D5722B-D0DD-439D-B3F8-F5810B26F5A7"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72ED1AF8-FB97-4B42-BB4D-43294E5D3B0B"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C743A41-E619-402A-AEDA-2994DC69B3C2"
          },
          {
            "criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "103E66D7-6EF4-4E5E-BFAD-9F223E2F10A3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
