High severityNVD Advisory· Published Jul 7, 2020· Updated Aug 4, 2024
Context isolation bypass via leaked cross-context objects in Electron
CVE-2020-4076
Description
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electronnpm | < 7.2.4 | 7.2.4 |
electronnpm | >= 8.0.0, < 8.2.4 | 8.2.4 |
Affected products
2- Range: >= 9.0.0-beta.0, <= 9.0.0-beta.20
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-m93v-9qjc-3g79ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-4076ghsaADVISORY
- github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79ghsax_refsource_CONFIRMWEB
- www.electronjs.org/releases/stableghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.