CVE-2020-4075
- Source
- https://cve.org/CVERecord?id=CVE-2020-4075
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4075.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-4075
- Aliases
- Related
- Published
- 2020-07-07T00:15:10.513Z
- Modified
- 2026-04-10T04:26:26.414268Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling
event.preventDefault()on all new-window events where theurloroptionsis not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. - References
Affected packages
Git / github.com/electron/electron
Affected ranges
- Type
- GIT
- Repo
- https://github.com/electron/electron
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "7.0.0" }, { "fixed": "7.2.4" }, { "introduced": "8.0.0" }, { "fixed": "8.2.4" }, { "introduced": "0" }, { "last_affected": "9.0.0-NA" } ] }
Affected versions
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.10.6
v0.10.7
v0.11.0
v0.11.1
v0.11.10
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.11.7
v0.11.8
v0.11.9
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.15.6
v0.15.7
v0.15.8
v0.15.9
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.19.4
v0.19.5
v0.2.0
v0.2.1
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.20.5
v0.20.6
v0.20.7
v0.20.8
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.23.0
v0.24.0
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.26.0
v0.26.1
v0.27.0
v0.27.1
v0.27.2
v0.27.3
v0.28.0
v0.28.1
v0.28.2
v0.28.3
v0.29.0
v0.29.1
v0.29.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.30.0
v0.30.1
v0.30.2
v0.30.3
v0.30.4
v0.30.5
v0.31.0
v0.31.1
v0.31.2
v0.32.0
v0.32.1
v0.32.2
v0.32.3
v0.33.0
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.7
v0.33.8
v0.33.9
v0.34.0
v0.34.1
v0.34.2
v0.34.3
v0.35.0
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.36.0
v0.36.1
v0.36.10
v0.36.11
v0.36.2
v0.36.3
v0.36.4
v0.36.5
v0.36.6
v0.36.7
v0.36.8
v0.36.9
v0.37.0
v0.37.1
v0.37.2
v0.37.3
v0.37.4
v0.37.5
v0.37.6
v0.37.7
v0.37.8
v0.4.0
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v1.*
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.4.0
v1.4.1
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.15
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.8.0
v1.8.1
v1.8.2-beta.1
v1.8.2-beta.2
v1.8.2-beta.3
v4.*
v4.0.0-nightly.20180816
v4.0.0-nightly.20180817
v4.0.0-nightly.20180819
v4.0.0-nightly.20180821
v4.0.0-nightly.20180823
v4.0.0-nightly.20180905
v4.0.0-nightly.20180929
v4.0.0-nightly.20181006
v4.0.0-nightly.20181010
v5.*
v5.0.0-nightly.20190107
v5.0.0-nightly.20190121
v5.0.0-nightly.20190122
v6.*
v6.0.0-nightly.20190123
v6.0.0-nightly.20190212
v6.0.0-nightly.20190213
v6.0.0-nightly.20190227
v6.0.0-nightly.20190308
v6.0.0-nightly.20190311
v6.0.0-nightly.20190404
v7.*
v7.0.0
v7.0.0-nightly.20190521
v7.0.0-nightly.20190529
v7.0.0-nightly.20190530
v7.0.0-nightly.20190531
v7.0.0-nightly.20190601
v7.0.0-nightly.20190602
v7.0.0-nightly.20190603
v7.0.0-nightly.20190604
v7.0.0-nightly.20190605
v7.0.0-nightly.20190606
v7.0.0-nightly.20190607
v7.0.0-nightly.20190608
v7.0.0-nightly.20190609
v7.0.0-nightly.20190610
v7.0.0-nightly.20190611
v7.0.0-nightly.20190612
v7.0.0-nightly.20190613
v7.0.0-nightly.20190614
v7.0.0-nightly.20190615
v7.0.0-nightly.20190616
v7.0.0-nightly.20190618
v7.0.0-nightly.20190619
v7.0.0-nightly.20190620
v7.0.0-nightly.20190621
v7.0.0-nightly.20190622
v7.0.0-nightly.20190623
v7.0.0-nightly.20190624
v7.0.0-nightly.20190625
v7.0.0-nightly.20190626
v7.0.0-nightly.20190627
v7.0.0-nightly.20190629
v7.0.0-nightly.20190630
v7.0.0-nightly.20190701
v7.0.0-nightly.20190702
v7.0.0-nightly.20190703
v7.0.0-nightly.20190704
v7.0.0-nightly.20190718
v7.0.0-nightly.20190719
v7.0.0-nightly.20190720
v7.0.0-nightly.20190721
v7.0.0-nightly.20190722
v7.0.0-nightly.20190723
v7.0.0-nightly.20190724
v7.0.0-nightly.20190725
v7.0.0-nightly.20190726
v7.0.0-nightly.20190727
v7.0.0-nightly.20190728
v7.0.0-nightly.20190729
v7.0.0-nightly.20190730
v7.0.0-nightly.20190731
v7.0.1
v7.1.0
v7.1.1
v7.1.10
v7.1.11
v7.1.12
v7.1.13
v7.1.14
v7.1.2
v7.1.3
v7.1.4
v7.1.5
v7.1.6
v7.1.7
v7.1.8
v7.1.9
v7.2.0
v7.2.1
v7.2.2
v7.2.3
v8.*
v8.0.0
v8.0.0-nightly.20190801
v8.0.0-nightly.20190802
v8.0.0-nightly.20190803
v8.0.0-nightly.20190804
v8.0.0-nightly.20190805
v8.0.0-nightly.20190806
v8.0.0-nightly.20190807
v8.0.0-nightly.20190808
v8.0.0-nightly.20190809
v8.0.0-nightly.20190810
v8.0.0-nightly.20190811
v8.0.0-nightly.20190812
v8.0.0-nightly.20190813
v8.0.0-nightly.20190814
v8.0.0-nightly.20190815
v8.0.0-nightly.20190816
v8.0.0-nightly.20190817
v8.0.0-nightly.20190818
v8.0.0-nightly.20190819
v8.0.0-nightly.20190820
v8.0.0-nightly.20190821
v8.0.0-nightly.20190822
v8.0.0-nightly.20190823
v8.0.0-nightly.20190824
v8.0.0-nightly.20190825
v8.0.0-nightly.20190826
v8.0.0-nightly.20190827
v8.0.0-nightly.20190828
v8.0.0-nightly.20190829
v8.0.0-nightly.20190830
v8.0.0-nightly.20190901
v8.0.0-nightly.20190902
v8.0.0-nightly.20190903
v8.0.0-nightly.20190904
v8.0.0-nightly.20190905
v8.0.0-nightly.20190906
v8.0.0-nightly.20190907
v8.0.0-nightly.20190908
v8.0.0-nightly.20190909
v8.0.0-nightly.20190910
v8.0.0-nightly.20190911
v8.0.0-nightly.20190912
v8.0.0-nightly.20190913
v8.0.0-nightly.20190914
v8.0.0-nightly.20190915
v8.0.0-nightly.20190917
v8.0.0-nightly.20190918
v8.0.0-nightly.20190919
v8.0.0-nightly.20190920
v8.0.0-nightly.20190921
v8.0.0-nightly.20190922
v8.0.0-nightly.20190923
v8.0.0-nightly.20190924
v8.0.0-nightly.20190926
v8.0.0-nightly.20190927
v8.0.0-nightly.20190928
v8.0.0-nightly.20190929
v8.0.0-nightly.20190930
v8.0.0-nightly.20191001
v8.0.0-nightly.20191002
v8.0.0-nightly.20191003
v8.0.0-nightly.20191004
v8.0.0-nightly.20191005
v8.0.0-nightly.20191006
v8.0.0-nightly.20191007
v8.0.0-nightly.20191008
v8.0.0-nightly.20191009
v8.0.0-nightly.20191010
v8.0.0-nightly.20191011
v8.0.0-nightly.20191012
v8.0.0-nightly.20191013
v8.0.0-nightly.20191014
v8.0.0-nightly.20191015
v8.0.0-nightly.20191016
v8.0.0-nightly.20191017
v8.0.0-nightly.20191018
v8.0.0-nightly.20191019
v8.0.0-nightly.20191020
v8.0.0-nightly.20191021
v8.0.0-nightly.20191022
v8.0.0-nightly.20191023
v8.0.0-nightly.20191024
v8.0.0-nightly.20191025
v8.0.0-nightly.20191026
v8.0.0-nightly.20191027
v8.0.0-nightly.20191028
v8.0.0-nightly.20191029
v8.0.0-nightly.20191030
v8.0.0-nightly.20191031
v8.0.0-nightly.20191101
v8.0.0-nightly.20191102
v8.0.0-nightly.20191103
v8.0.0-nightly.20191104
v8.0.0-nightly.20191105
v8.0.0-nightly.20191106
v8.0.0-nightly.20191107
v8.0.0-nightly.20191108
v8.0.0-nightly.20191109
v8.0.0-nightly.20191110
v8.0.0-nightly.20191111
v8.0.0-nightly.20191112
v8.0.1
v8.0.2
v8.0.3
v8.1.0
v8.1.1
v8.2.0
v8.2.1
v8.2.2
v8.2.3
v9.*
v9.0.0
v9.0.0-beta.1
v9.0.0-beta.10
v9.0.0-beta.11
v9.0.0-beta.12
v9.0.0-beta.13
v9.0.0-beta.14
v9.0.0-beta.15
v9.0.0-beta.16
v9.0.0-beta.17
v9.0.0-beta.18
v9.0.0-beta.19
v9.0.0-beta.2
v9.0.0-beta.20
v9.0.0-beta.21
v9.0.0-beta.22
v9.0.0-beta.23
v9.0.0-beta.24
v9.0.0-beta.3
v9.0.0-beta.4
v9.0.0-beta.5
v9.0.0-beta.6
v9.0.0-beta.7
v9.0.0-beta.8
v9.0.0-beta.9
v9.0.0-nightly.20191113
v9.0.0-nightly.20191114
v9.0.0-nightly.20191115
v9.0.0-nightly.20191116
v9.0.0-nightly.20191117
v9.0.0-nightly.20191118
v9.0.0-nightly.20191119
v9.0.0-nightly.20191121
v9.0.0-nightly.20191122
v9.0.0-nightly.20191123
v9.0.0-nightly.20191124
v9.0.0-nightly.20191125
v9.0.0-nightly.20191126
v9.0.0-nightly.20191127
v9.0.0-nightly.20191128
v9.0.0-nightly.20191129
v9.0.0-nightly.20191130
v9.0.0-nightly.20191201
v9.0.0-nightly.20191202
v9.0.0-nightly.20191203
v9.0.0-nightly.20191204
v9.0.0-nightly.20191205
v9.0.0-nightly.20191206
v9.0.0-nightly.20191207
v9.0.0-nightly.20191208
v9.0.0-nightly.20191209
v9.0.0-nightly.20191210
v9.0.0-nightly.20191211
v9.0.0-nightly.20191212
v9.0.0-nightly.20191215
v9.0.0-nightly.20191216
v9.0.0-nightly.20191217
v9.0.0-nightly.20191218
v9.0.0-nightly.20191219
v9.0.0-nightly.20191220
v9.0.0-nightly.20191221
v9.0.0-nightly.20191222
v9.0.0-nightly.20191223
v9.0.0-nightly.20191224
v9.0.0-nightly.20191225
v9.0.0-nightly.20191226
v9.0.0-nightly.20191228
v9.0.0-nightly.20191229
v9.0.0-nightly.20191230
v9.0.0-nightly.20191231
v9.0.0-nightly.20200101
v9.0.0-nightly.20200102
v9.0.0-nightly.20200103
v9.0.0-nightly.20200104
v9.0.0-nightly.20200105
v9.0.0-nightly.20200106
v9.0.0-nightly.20200108
v9.0.0-nightly.20200109
v9.0.0-nightly.20200110
v9.0.0-nightly.20200111
v9.0.0-nightly.20200113
v9.0.0-nightly.20200114
v9.0.0-nightly.20200115
v9.0.0-nightly.20200116
v9.0.0-nightly.20200117
v9.0.0-nightly.20200118
v9.0.0-nightly.20200119
v9.0.0-nightly.20200121
v9.0.0-nightly.20200123
v9.0.0-nightly.20200124
v9.0.0-nightly.20200125
v9.0.0-nightly.20200126
v9.0.0-nightly.20200127
v9.0.0-nightly.20200128
v9.0.0-nightly.20200129
v9.0.0-nightly.20200130
v9.0.0-nightly.20200131
v9.0.0-nightly.20200201
v9.0.0-nightly.20200202
v9.0.0-nightly.20200203
v9.0.0-nightly.20200204
v9.0.0-nightly.20200205
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-beta9"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4075.json"