CVE-2020-4076

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-4076

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4076.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-4076

Aliases

GHSA-m93v-9qjc-3g79

Related

GHSA-m93v-9qjc-3g79

Published

2020-07-07T00:15:10.590Z

Modified

2026-02-11T12:50:27.974742Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

References

Affected packages

Git / github.com/electron/electron

Affected ranges

Type: GIT
Repo: https://github.com/electron/electron
Events: Introduced

1af3a71fdbb3130fd581b12d8f5a7440e7a04fc6

Fixed

d8f90444aa654f886016a22cb771df99c3616178

Introduced

3083693e67632720b8d12b32d3811be0f4336318

Fixed

0552e0d5de46ffa3b481d741f1db5c779e201565

Affected versions

v7.*

v7.0.0

v7.0.1

v7.1.0

v7.1.1

v7.1.10

v7.1.11

v7.1.12

v7.1.13

v7.1.14

v7.1.2

v7.1.3

v7.1.4

v7.1.5

v7.1.6

v7.1.7

v7.1.8

v7.1.9

v7.2.0

v7.2.1

v7.2.2

v7.2.3

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.1.0

v8.1.1

v8.2.0

v8.2.1

v8.2.2

v8.2.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-4076.json"