CVE-2020-26272: Exposure of Resource to Wrong Sphere
In affected versions of Electron, IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue.
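A first triage step for the impact condition above is to locate where a code base touches the three affected APIs. The Node.js scanner below is an added example, not code from Electron or from this advisory; the rule ids, findAffectedIpcUsage and the sample source are assumptions made for illustration, and the matching is line-based and heuristic.

```javascript
// Added example: heuristic source scanner, not Electron project code.
const RULES = [
  { id: 'sendToFrame', re: /\.sendToFrame\s*\(/ },
  { id: 'remote-module', re: /\bremote\b.*(?:require\(\s*['"]electron['"]\s*\)|from\s+['"]electron['"])/ },
  { id: 'remote-module', re: /require\(\s*['"]electron['"]\s*\)\s*\.remote\b/ },
  { id: 'remote-module', re: /enableRemoteModule\s*:\s*true/ },
];
// Captures the first (event) parameter name of an ipcMain.on/once handler.
const HANDLER = /ipcMain\.(?:on|once)\s*\([^,]+,\s*(?:async\s+)?(?:function\s*\w*\s*)?\(?\s*(\w+)/;

function findAffectedIpcUsage(source) {
  const lines = source.split(/\r?\n/);
  // 'event' is the conventional name; add whatever each handler really uses.
  const eventNames = new Set(['event']);
  for (const line of lines) {
    const m = HANDLER.exec(line);
    if (m) eventNames.add(m[1]);
  }
  const findings = [];
  lines.forEach((line, i) => {
    const code = line.replace(/\/\/.*$/, ''); // crude: drop line comments
    const ids = new Set(); // one finding per rule id per line
    for (const { id, re } of RULES) if (re.test(code)) ids.add(id);
    for (const name of eventNames) {
      if (new RegExp(`\\b${name}\\.reply\\s*\\(`).test(code)) ids.add('event.reply');
    }
    for (const id of ids) findings.push({ line: i + 1, id });
  });
  return findings;
}

// Constructed sample of main-process code (not taken from any real app).
const SAMPLE = [
  "const { app, ipcMain, BrowserWindow } = require('electron');",
  "ipcMain.on('get-token', (evt, arg) => {",
  "  evt.reply('token', lookup(arg)); // reply goes back to the sender frame",
  "});",
  "win.webContents.sendToFrame(frameId, 'config', cfg);",
  "new BrowserWindow({ webPreferences: { enableRemoteModule: true } });",
  "// event.reply('x') mentioned only in a comment",
  "win.webContents.send('broadcast', 1);",
].join('\n');

console.log(findAffectedIpcUsage(SAMPLE));
```

Each finding marks a call site to review; whether the installed Electron version is an affected one has to be checked separately.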