CVE-2020-4075: Arbitrary file read via window-open IPC in Electron
First published: Tue Jul 07 2020(Updated: )
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Electronjs Electron | >=7.0.0<7.2.4 | |
| Electronjs Electron | >=8.0.0<8.2.4 | |
| Electronjs Electron | =9.0.0 | |
| Electronjs Electron | =9.0.0-beta1 | |
| Electronjs Electron | =9.0.0-beta10 | |
| Electronjs Electron | =9.0.0-beta11 | |
| Electronjs Electron | =9.0.0-beta12 | |
| Electronjs Electron | =9.0.0-beta13 | |
| Electronjs Electron | =9.0.0-beta14 | |
| Electronjs Electron | =9.0.0-beta15 | |
| Electronjs Electron | =9.0.0-beta16 | |
| Electronjs Electron | =9.0.0-beta17 | |
| Electronjs Electron | =9.0.0-beta18 | |
| Electronjs Electron | =9.0.0-beta19 | |
| Electronjs Electron | =9.0.0-beta2 | |
| Electronjs Electron | =9.0.0-beta20 | |
| Electronjs Electron | =9.0.0-beta3 | |
| Electronjs Electron | =9.0.0-beta4 | |
| Electronjs Electron | =9.0.0-beta5 | |
| Electronjs Electron | =9.0.0-beta6 | |
| Electronjs Electron | =9.0.0-beta7 | |
| Electronjs Electron | =9.0.0-beta8 | |
| Electronjs Electron | =9.0.0-beta9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-4075?
CVE-2020-4075 is a vulnerability in Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21 that allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.
What is the severity of CVE-2020-4075?
The severity of CVE-2020-4075 is high with a CVSS score of 7.5.
How can I fix CVE-2020-4075?
As a workaround, ensure you are calling event.preventDefault() on all new-window events where the url or options is not trusted.
Which versions of Electron are affected by CVE-2020-4075?
Electron versions before 7.2.4, 8.2.4, and 9.0.0-beta21 are affected by CVE-2020-4075.
Where can I find more information about CVE-2020-4075?
More information about CVE-2020-4075 can be found at the following references: [GitHub Advisory](https://github.com/electron/electron/security/advisories/GHSA-f9mq-jph6-9mhm), [Electron Release Notes](https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/description
- vendor/electronjs
- canonical/electronjs electron
- version/electronjs electron/7.0.0
- version/electronjs electron/8.0.0
- version/electronjs electron/9.0.0
- version/electronjs electron/9.0.0-beta1
- version/electronjs electron/9.0.0-beta10
- version/electronjs electron/9.0.0-beta11
- version/electronjs electron/9.0.0-beta12
- version/electronjs electron/9.0.0-beta13
- version/electronjs electron/9.0.0-beta14
- version/electronjs electron/9.0.0-beta15
- version/electronjs electron/9.0.0-beta16
- version/electronjs electron/9.0.0-beta17
- version/electronjs electron/9.0.0-beta18
- version/electronjs electron/9.0.0-beta19
- version/electronjs electron/9.0.0-beta2
- version/electronjs electron/9.0.0-beta20
- version/electronjs electron/9.0.0-beta3
- version/electronjs electron/9.0.0-beta4
- version/electronjs electron/9.0.0-beta5
- version/electronjs electron/9.0.0-beta6
- version/electronjs electron/9.0.0-beta7
- version/electronjs electron/9.0.0-beta8
- version/electronjs electron/9.0.0-beta9