CVE-2020-4076

EPSS 0.08%
Veröffentlicht 07.07.2020 00:15:10
Zuletzt bearbeitet 21.11.2024 05:32:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Electronjs ≫ Electron Version >= 7.0.0 < 7.2.4

Electronjs ≫ Electron Version >= 8.0.0 < 8.2.4

Electronjs ≫ Electron Version9.0.0 Update-

Electronjs ≫ Electron Version9.0.0 Updatebeta1

Electronjs ≫ Electron Version9.0.0 Updatebeta10

Electronjs ≫ Electron Version9.0.0 Updatebeta11

Electronjs ≫ Electron Version9.0.0 Updatebeta12

Electronjs ≫ Electron Version9.0.0 Updatebeta13

Electronjs ≫ Electron Version9.0.0 Updatebeta14

Electronjs ≫ Electron Version9.0.0 Updatebeta15

Electronjs ≫ Electron Version9.0.0 Updatebeta16

Electronjs ≫ Electron Version9.0.0 Updatebeta17

Electronjs ≫ Electron Version9.0.0 Updatebeta18

Electronjs ≫ Electron Version9.0.0 Updatebeta19

Electronjs ≫ Electron Version9.0.0 Updatebeta2

Electronjs ≫ Electron Version9.0.0 Updatebeta20

Electronjs ≫ Electron Version9.0.0 Updatebeta3

Electronjs ≫ Electron Version9.0.0 Updatebeta4

Electronjs ≫ Electron Version9.0.0 Updatebeta5

Electronjs ≫ Electron Version9.0.0 Updatebeta6

Electronjs ≫ Electron Version9.0.0 Updatebeta7

Electronjs ≫ Electron Version9.0.0 Updatebeta8

Electronjs ≫ Electron Version9.0.0 Updatebeta9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	2.5	5.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N
security-advisories@github.com	7.8	1.4	5.8	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-501 Trust Boundary Violation

The product mixes trusted and untrusted data in the same data structure or structured message.

https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824

Vendor Advisory

Release Notes

https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-4076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-4076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-4076

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-4076