HIGH🇵🇱 Wersja polska

CVE-2020-4077

CVSS 7.7v3.1pub. 2020-07-07upd. 2024-11-21

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
  • Electronjs Electron

    APP
    Electronjs
    9.0.07.0.0 – 7.2.4 (bez)8.0.0 – 8.2.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-16151CRITICAL9.8ten sam produkt

Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in G...

CVE-2026-34771HIGH7.5ten sam produkt

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...

CVE-2026-34770HIGH7.0ten sam produkt

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...

CVE-2026-34769HIGH7.7ten sam produkt

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...

CVE-2026-34774HIGH8.1ten sam produkt

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior ...