CVE-2020-4077

CRITICAL Year: 2020
CVSS v3 Score
9.9
Critical
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-501
View all →

Vulnerability Description

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

Related Vulnerabilities

CVE-2022-1799

CRITICAL
CVSS:9.8(Critical)

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad...

CWE-5012022

CVE-2020-4076

CRITICAL
CVSS:9.0(Critical)

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and...

CWE-5012020

CVE-2024-49050

HIGH
CVSS:8.8(High)

Visual Studio Code Python Extension Remote Code Execution Vulnerability

CWE-5012024

CVE-2024-23682

HIGH
CVSS:8.2(High)

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbi...

CWE-5012024

CVE-2022-1799

CRITICAL
CVSS:9.8(Critical)

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrad...

CWE-5012022

CVE-2020-4076

CRITICAL
CVSS:9.0(Critical)

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and...

CWE-5012020