← Back

CVE-2020-4077

nvd nist
Published: Jul 7, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.9
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 / Impact: 6.0
Source: NVD

Description

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

Affected (23)

Products: Electronjs: Electron
Electronjs
1 product
Electron
Configuration A
23 vulnerable
Vulnerable SoftwareAffected Versions
Electronjs
Electron
From 7.0.0 to 7.2.4
Electron
From 8.0.0 to 8.2.4
Electron
Version 9.0.0
Electron
Version 9.0.0 beta10
Electron
Version 9.0.0 beta11
Electron
Version 9.0.0 beta12
Electron
Version 9.0.0 beta13
Electron
Version 9.0.0 beta14
Electron
Version 9.0.0 beta15
Electron
Version 9.0.0 beta16
Electron
Version 9.0.0 beta17
Electron
Version 9.0.0 beta18
Electron
Version 9.0.0 beta19
Electron
Version 9.0.0 beta1
Electron
Version 9.0.0 beta20
Electron
Version 9.0.0 beta2
Electron
Version 9.0.0 beta3
Electron
Version 9.0.0 beta4
Electron
Version 9.0.0 beta5
Electron
Version 9.0.0 beta6
Electron
Version 9.0.0 beta7
Electron
Version 9.0.0 beta8
Electron
Version 9.0.0 beta9

Related CWEs

CWE-501
Trust Boundary Violation
The product mixes trusted and untrusted data in the same data structure or structured message.

References (4)

Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.