6.5
CVE-2020-26272
- EPSS 0.97%
- Veröffentlicht 28.01.2021 19:15:13
- Zuletzt bearbeitet 27.05.2025 16:15:21
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginThe Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Electronjs ≫ Electron Version >= 9.0.0 < 9.4.0
Electronjs ≫ Electron Version >= 10.0.0 < 10.2.0
Electronjs ≫ Electron Version >= 11.0.0 < 11.1.0
Electronjs ≫ Electron Version9.0.0 Updatebeta1
Electronjs ≫ Electron Version9.0.0 Updatebeta10
Electronjs ≫ Electron Version9.0.0 Updatebeta11
Electronjs ≫ Electron Version9.0.0 Updatebeta12
Electronjs ≫ Electron Version9.0.0 Updatebeta13
Electronjs ≫ Electron Version9.0.0 Updatebeta14
Electronjs ≫ Electron Version9.0.0 Updatebeta15
Electronjs ≫ Electron Version9.0.0 Updatebeta16
Electronjs ≫ Electron Version9.0.0 Updatebeta17
Electronjs ≫ Electron Version9.0.0 Updatebeta18
Electronjs ≫ Electron Version9.0.0 Updatebeta19
Electronjs ≫ Electron Version9.0.0 Updatebeta2
Electronjs ≫ Electron Version9.0.0 Updatebeta20
Electronjs ≫ Electron Version9.0.0 Updatebeta21
Electronjs ≫ Electron Version9.0.0 Updatebeta22
Electronjs ≫ Electron Version9.0.0 Updatebeta23
Electronjs ≫ Electron Version9.0.0 Updatebeta24
Electronjs ≫ Electron Version9.0.0 Updatebeta3
Electronjs ≫ Electron Version9.0.0 Updatebeta4
Electronjs ≫ Electron Version9.0.0 Updatebeta5
Electronjs ≫ Electron Version9.0.0 Updatebeta6
Electronjs ≫ Electron Version9.0.0 Updatebeta7
Electronjs ≫ Electron Version9.0.0 Updatebeta8
Electronjs ≫ Electron Version9.0.0 Updatebeta9
Electronjs ≫ Electron Version10.0.0 Updatebeta1
Electronjs ≫ Electron Version10.0.0 Updatebeta10
Electronjs ≫ Electron Version10.0.0 Updatebeta11
Electronjs ≫ Electron Version10.0.0 Updatebeta12
Electronjs ≫ Electron Version10.0.0 Updatebeta13
Electronjs ≫ Electron Version10.0.0 Updatebeta14
Electronjs ≫ Electron Version10.0.0 Updatebeta15
Electronjs ≫ Electron Version10.0.0 Updatebeta17
Electronjs ≫ Electron Version10.0.0 Updatebeta19
Electronjs ≫ Electron Version10.0.0 Updatebeta2
Electronjs ≫ Electron Version10.0.0 Updatebeta20
Electronjs ≫ Electron Version10.0.0 Updatebeta21
Electronjs ≫ Electron Version10.0.0 Updatebeta23
Electronjs ≫ Electron Version10.0.0 Updatebeta24
Electronjs ≫ Electron Version10.0.0 Updatebeta25
Electronjs ≫ Electron Version10.0.0 Updatebeta3
Electronjs ≫ Electron Version10.0.0 Updatebeta4
Electronjs ≫ Electron Version10.0.0 Updatebeta5
Electronjs ≫ Electron Version10.0.0 Updatebeta6
Electronjs ≫ Electron Version10.0.0 Updatebeta7
Electronjs ≫ Electron Version10.0.0 Updatebeta8
Electronjs ≫ Electron Version10.0.0 Updatebeta9
Electronjs ≫ Electron Version11.0.0 Updatebeta1
Electronjs ≫ Electron Version11.0.0 Updatebeta10
Electronjs ≫ Electron Version11.0.0 Updatebeta11
Electronjs ≫ Electron Version11.0.0 Updatebeta12
Electronjs ≫ Electron Version11.0.0 Updatebeta13
Electronjs ≫ Electron Version11.0.0 Updatebeta14
Electronjs ≫ Electron Version11.0.0 Updatebeta15
Electronjs ≫ Electron Version11.0.0 Updatebeta16
Electronjs ≫ Electron Version11.0.0 Updatebeta17
Electronjs ≫ Electron Version11.0.0 Updatebeta18
Electronjs ≫ Electron Version11.0.0 Updatebeta19
Electronjs ≫ Electron Version11.0.0 Updatebeta20
Electronjs ≫ Electron Version11.0.0 Updatebeta21
Electronjs ≫ Electron Version11.0.0 Updatebeta22
Electronjs ≫ Electron Version11.0.0 Updatebeta23
Electronjs ≫ Electron Version11.0.0 Updatebeta3
Electronjs ≫ Electron Version11.0.0 Updatebeta4
Electronjs ≫ Electron Version11.0.0 Updatebeta5
Electronjs ≫ Electron Version11.0.0 Updatebeta6
Electronjs ≫ Electron Version11.0.0 Updatebeta7
Electronjs ≫ Electron Version11.0.0 Updatebeta8
Electronjs ≫ Electron Version11.0.0 Updatebeta9
Electronjs ≫ Electron Version12.0.0 Updatebeta1
Electronjs ≫ Electron Version12.0.0 Updatebeta3
Electronjs ≫ Electron Version12.0.0 Updatebeta4
Electronjs ≫ Electron Version12.0.0 Updatebeta5
Electronjs ≫ Electron Version12.0.0 Updatebeta6
Electronjs ≫ Electron Version12.0.0 Updatebeta7
Electronjs ≫ Electron Version12.0.0 Updatebeta8
Electronjs ≫ Electron Version12.0.0 Updatebeta9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.97% | 0.758 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| security-advisories@github.com | 5.4 | 2.2 | 2.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.