IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame.
If your app does ANY of the following, then it is impacted by this issue:
Uses remote
Calls webContents.sendToFrame
Calls event.reply in an IPC message handler
Patches
This has been fixed in the following versions:
9.4.0
10.2.0
11.1.0
12.0.0-beta.9
Workarounds
There are no workarounds for this issue.
For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.
This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.
All current stable versions of Electron are affected.
Patches
This was fixed with #30728, and the following Electron versions contain the fix:
15.0.0-alpha.10
14.0.0
13.3.0
12.1.0
11.5.0
Workarounds
If your app enables contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.
Further, if your app does not depend on the createThumbnailFromPath API, then you can simply disable the functionality. In the main process, before the 'ready' event:
This PR contains the following updates:
7.3.3->11.5.0GitHub Vulnerability Alerts
CVE-2020-26272
Impact
IPC messages sent from the main process to a subframe in the renderer process, through
webContents.sendToFrame,event.replyor when using theremotemodule, can in some cases be delivered to the wrong frame.If your app does ANY of the following, then it is impacted by this issue:
remotewebContents.sendToFrameevent.replyin an IPC message handlerPatches
This has been fixed in the following versions:
Workarounds
There are no workarounds for this issue.
For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.
CVE-2021-39184
Impact
This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases.
All current stable versions of Electron are affected.
Patches
This was fixed with #30728, and the following Electron versions contain the fix:
Workarounds
If your app enables
contextIsolation, this vulnerability is significantly more difficult for an attacker to exploit.Further, if your app does not depend on the
createThumbnailFromPathAPI, then you can simply disable the functionality. In the main process, before the 'ready' event:For more information
If you have any questions or comments about this advisory, email us at security@electronjs.org.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.