CVE-2020-4076

CRITICAL Year: 2020
CVSS v3 Score
9.0
Critical
CVSS v2 Score
3.6
Low
Weakness Type
CWE-501
View all →

Vulnerability Description

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

Related Vulnerabilities

CVE-2024-49050

HIGH
CVSS:8.8(High)

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CWE-5012024

CVE-2022-1799

CRITICAL
CVSS:9.8(Critical)

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad...

CWE-5012022

CVE-2024-23682

HIGH
CVSS:8.2(High)

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbi...

CWE-5012024

CVE-2020-4077

CRITICAL
CVSS:9.9(Critical)

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and...

CWE-5012020

CVE-2023-0627

HIGH
CVSS:7.8(High)

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X.

CWE-5012023

CVE-2023-28597

HIGH
CVSS:7.5(High)

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web por...

CWE-5012023