MEDIUM 6.8 npm
Arbitrary file read via window-open IPC in Electron
GHSA-f9mq-jph6-9mhm · CVE-2020-4075
Description
Impact
The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.
Workarounds
Ensure you are calling event.preventDefault() on all new-window events where the url or options are not something you expect.
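One way to apply this workaround, as an added example rather than code from the Electron project: a new-window handler that calls event.preventDefault() unless the URL's origin is allow-listed and the requested webPreferences match what the application expects. ALLOWED_ORIGINS, EXPECTED_PREFS and the function names are assumptions of this example.

```javascript
// Added example: allow-list policy for Electron's 'new-window' event.
// ALLOWED_ORIGINS and EXPECTED_PREFS are assumptions; set them for your app.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value

// webPreferences values this application expects on child windows (example
// policy). A request that asks for a different value is treated as unexpected.
const EXPECTED_PREFS = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webSecurity: true,
  webviewTag: false,
};

function isExpectedWindowRequest(url, options) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (err) {
    return false; // unparsable URL: not something we expect
  }
  // file:, data: and javascript: URLs have the origin "null" and fail here.
  if (!ALLOWED_ORIGINS.has(parsed.origin)) return false;

  const wp = options && options.webPreferences;
  const prefs = (typeof wp === 'object' && wp) || {};
  for (const [key, expected] of Object.entries(EXPECTED_PREFS)) {
    // Keys absent from the request are not judged by this check.
    if (key in prefs && prefs[key] !== expected) return false;
  }
  return true;
}

// Handler with the argument order of the 'new-window' event; returns whether
// the window was allowed so the decision can be logged or tested.
function onNewWindow(event, url, frameName, disposition, options) {
  if (!isExpectedWindowRequest(url, options)) {
    event.preventDefault(); // the workaround from the advisory
    return false;
  }
  return true;
}

// Wiring: `app` is Electron's app module, passed in by the caller.
function installNewWindowGuard(app) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('new-window', onNewWindow);
  });
}
```

Call installNewWindowGuard(app) once in the main process so that every webContents, including child windows, gets the handler.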
Fixed Versions
- 9.0.0-beta.21
- 8.2.4
- 7.2.4
For more information
If you have any questions or comments about this advisory:
- Email us at security@electronjs.org