{"containers": {"cna": {"title": "Electron vulnerable to ID collision when routing IPC messages to renderers containing OOPIFs", "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "lang": "en", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"}, {"name": "https://github.com/electron/electron/pull/26875", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/pull/26875"}, {"name": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"}, {"name": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"}, {"name": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"}, {"name": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"}, {"name": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"}, {"name": "https://github.com/electron/electron/releases/tag/v9.4.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/electron/electron/releases/tag/v9.4.0"}, {"name": "https://www.electronjs.org/releases/stable?version=9#9.4.0", "tags": ["x_refsource_MISC"], "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"}], "affected": [{"vendor": "electron", "product": "electron", "versions": [{"version": "< 9.4.0", "status": "affected"}, {"version": ">= 10.0.0, < 10.2.0", "status": "affected"}, {"version": ">= 11.0.0, < 11.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-27T15:20:11.927Z"}, "descriptions": [{"lang": "en", "value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-hvf8-h2qh-37m9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:56:04.080Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/electron/electron/releases/tag/v9.4.0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/electron/electron/pull/26875"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26272", "datePublished": "2021-01-28T18:25:17", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2025-05-27T15:20:11.927Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD8DEA8B-C7B1-4255-8EB4-60EF9660CB6C", "versionEndExcluding": "9.4.0", "versionStartIncluding": "9.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FDE1D62-9F3E-41E3-8C5D-C5A200A280A4", "versionEndExcluding": "10.2.0", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*", "matchCriteriaId": "01855BDD-98F7-4577-AA6D-B1776EAF9AA5", "versionEndExcluding": "11.1.0", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "FB793B7F-1C9D-445D-A849-CB28577CA760", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "0C340AA9-8D81-4927-9447-DFCF0DD385AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "D8DF366B-644E-4C43-9DF1-37F1ADD36532", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "BAC64CED-4F36-4667-B909-4265DDEBDA3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "17574861-A808-406A-9B0D-403AD99EA160", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "79CB734A-05B3-4388-BD8F-ECD3FD699D87", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "7E0E7E72-B138-4E09-BEE0-219643377314", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "B19F82AA-3660-4AC5-920E-7E36534ADF36", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "84544C05-24A7-4CDE-B6E1-EC05B6CD9836", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "A8AF3443-F01C-407F-BEE2-A8E601A09211", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "EB7A193D-7B1F-45F0-B385-DE8C75D7088D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "B8453EF9-E063-4398-A637-E70AEA0FC4D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta22:*:*:*:*:*:*", "matchCriteriaId": "3FFBA70C-CEBE-425D-ABF7-4FF070BE1DCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta23:*:*:*:*:*:*", "matchCriteriaId": "A66951CF-8088-4A74-9E40-1145B3695C0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta24:*:*:*:*:*:*", "matchCriteriaId": "C4A7E569-0B63-4458-93A9-DC1BF3F708C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "4BFFB27D-B11F-4F5B-8624-27042F8A664A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "AF67CE0D-79D8-4CCC-8152-6989D681B618", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "965FE481-DC51-4123-B47A-4825E7231B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "5CA4015A-6D70-490E-AEFD-1C64F582F9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "72B0EAB3-F11C-42B3-8F4A-3D4B652A2740", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "F2F409DE-D2A1-49A6-AA57-D735F4B07D29", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "325AEE66-5BB3-4317-904C-CAEF33DA34F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "FD4B098E-D71A-4770-8A80-75FFCDE5E3A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "D31F3B77-B1FA-4AF6-B78B-3591F0C34A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "9A888965-E6AF-4514-83FE-9BFD098A601B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "D3C4D65F-592A-4BB6-8C76-2157AB4C2B21", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "94ECDC48-11AC-45AA-9A4D-E24DB7713799", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "806D6913-2852-406A-AF46-E5C7FE62C739", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "7E63CACD-F4D7-42C5-97AC-295FEF4DEDCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "24071397-1BE9-42BC-8BE4-AA3E898BE02B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "B72266CF-A2BE-4C6A-B7AB-9110C2672758", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "747441F0-DD8C-47FD-B13C-6FEAFE79A160", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "DEFD1B8C-7777-42C1-BE27-1BC54CF7C65E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta23:*:*:*:*:*:*", "matchCriteriaId": "8DB5AC65-DCFA-4549-B08B-77AAAAC9248E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta24:*:*:*:*:*:*", "matchCriteriaId": "3DB704A9-DD31-400E-A4EE-1A32D0D415D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta25:*:*:*:*:*:*", "matchCriteriaId": "FE4B1A04-EBB1-4C3E-9CE0-5CD487F27303", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "782AD115-2503-4663-9DBC-64DC82C363CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C75A9CD8-0E3B-44CF-A828-A5DDD6EBD8B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "9655B40F-53E5-4F7D-8D8D-85FCFDC3B1FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "2419A888-4BF2-4548-8ACA-9550B276247E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "353F51BC-7627-48C3-AFBD-E287D7FC9DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "95FE3E21-1A8A-45D6-B797-903F4D24A460", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:10.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "BECA8D37-A00D-4CBA-9195-DAFA9CFE951D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "6B056B81-3764-49FB-A3C3-EA9B3FB763D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "FA231DB9-14E3-4BF4-88B6-3AE122993CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "D3101022-9B4D-4ABC-8D9A-1B8C74265567", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta12:*:*:*:*:*:*", "matchCriteriaId": "CB419AE9-5DFA-41D9-AB2C-C3CF18F1F08A", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta13:*:*:*:*:*:*", "matchCriteriaId": "94A9223E-5B13-4A02-B16D-B6C7612745A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta14:*:*:*:*:*:*", "matchCriteriaId": "BD90D1EB-DE25-4333-9029-CA8908271264", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta15:*:*:*:*:*:*", "matchCriteriaId": "3DED187D-2AE5-491C-94DE-5C44616DFE12", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta16:*:*:*:*:*:*", "matchCriteriaId": "980768C9-026E-4E03-AFE9-17C53B94D8FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta17:*:*:*:*:*:*", "matchCriteriaId": "75049DEC-3563-47AA-9D2A-90C4879D2B03", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta18:*:*:*:*:*:*", "matchCriteriaId": "C5643422-9C2C-4493-A9F1-370945A817C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta19:*:*:*:*:*:*", "matchCriteriaId": "3108EE52-D993-4CDC-9BD3-2C206F49F61D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta20:*:*:*:*:*:*", "matchCriteriaId": "3B194A32-4E7C-49E8-8C01-929FA26F7DF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta21:*:*:*:*:*:*", "matchCriteriaId": "0E07C2F2-1219-45BD-89B6-FB41D4A418F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta22:*:*:*:*:*:*", "matchCriteriaId": "E44904CE-4107-44E0-8EEC-212B2F5CE561", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta23:*:*:*:*:*:*", "matchCriteriaId": "E88A6487-3293-4C46-BE5E-03BA641E0238", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "17001FC8-E8BF-4FB3-B619-598AEBEB3351", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "C662DF3F-FB51-4B87-9133-528B921599E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "F91CE004-5775-4A85-AE15-79928DC4F8F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "A50A9FEF-50D9-4A6E-A232-6F652D606A8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "EB9F6591-69DB-4777-9BB8-80E2EB7692BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "C4948E6E-916D-48BE-B238-95936BED449B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:11.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "B6CCA15C-7957-4220-A3AB-085D503FF0C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "7FA70916-C875-466C-8FDE-21E2464E6780", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7EDDB343-462D-4459-8F91-AF746399017D", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "9A030AF7-8CEB-4C9B-AF89-08B30510813E", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "6F63EB74-D040-4965-8987-6550559A9A31", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "66D5722B-D0DD-439D-B3F8-F5810B26F5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "72ED1AF8-FB97-4B42-BB4D-43294E5D3B0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "6C743A41-E619-402A-AEDA-2994DC69B3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:electronjs:electron:12.0.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "103E66D7-6EF4-4E5E-BFAD-9F223E2F10A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no known workarounds for this issue."}, {"lang": "es", "value": "El framework Electron le permite escribir aplicaciones de escritorio multiplataforma usando JavaScript, HTML y CSS.&#xa0;En las versiones afectadas de Electron IPC, los mensajes enviados desde el proceso principal a una subtrama en el proceso de renderizado, por medio de webContents.sendToFrame, event.reply o cuando se usa el m\u00f3dulo remoto, en algunos casos pueden enviarse a la trama incorrecta.&#xa0;Si su aplicaci\u00f3n usa remoto, llama a webContents.sendToFrame, o llama a event.reply en un manejador de mensajes de IPC, entonces se ve afectado por este problema.&#xa0;Esto se ha corregido en las versiones 9.4.0, 10.2.0, 11.1.0 y 12.0.0-beta.9.&#xa0;No existen soluciones para este problema"}], "id": "CVE-2020-26272", "lastModified": "2025-05-27T16:15:21.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-28T19:15:13.003", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"}, {"source": "security-advisories@github.com", "url": "https://github.com/electron/electron/commit/0bbd268eb4caf35604443df5ff196980dd49e208"}, {"source": "security-advisories@github.com", "url": "https://github.com/electron/electron/commit/36c695ce2a7e22c07fe1e30c61c00d20371daee2"}, {"source": "security-advisories@github.com", "url": "https://github.com/electron/electron/commit/429400040ecb16a21d19936658579e65a797e4cc"}, {"source": "security-advisories@github.com", "url": "https://github.com/electron/electron/commit/5c8e7e8b7f485ceafa8b271086d7b87e1de9dedd"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/pull/26875"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/electron/electron/releases/tag/v9.4.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/pull/26875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/electron/electron/releases/tag/v9.4.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.electronjs.org/releases/stable?version=9#9.4.0"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}