Vulnerabilities > CVE-2020-4077 - Unspecified vulnerability in Electronjs Electron 7.0.0/8.0.0/9.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 23 |