CVE-2020-26272 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Incorrect calculation
Description	In affected versions of Electron, IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue.

Group	Package	Affected	Fixed	Severity	Status
AVG-1503	electron	11.0.4-1	11.1.0-1	Medium	Fixed
AVG-1502	electron10	10.1.7-1	10.2.0-1	Medium	Fixed
AVG-1501	electron9	9.3.5-1	9.4.0-1	Medium	Fixed

References
https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9 https://github.com/electron/electron/pull/26875 https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c

References

https://github.com/electron/electron/security/advisories/GHSA-hvf8-h2qh-37m9
https://github.com/electron/electron/pull/26875
https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c