{"id":"CVE-2020-4076","details":"In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.","aliases":["GHSA-m93v-9qjc-3g79"],"modified":"2026-03-13T22:15:55.567945Z","published":"2020-07-07T00:15:10.590Z","related":["GHSA-m93v-9qjc-3g79"],"references":[{"type":"ADVISORY","url":"https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79"},{"type":"ADVISORY","url":"https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/electron/electron","events":[{"introduced":"3083693e67632720b8d12b32d3811be0f4336318"},{"fixed":"0552e0d5de46ffa3b481d741f1db5c779e201565"},{"introduced":"1af3a71fdbb3130fd581b12d8f5a7440e7a04fc6"},{"fixed":"d8f90444aa654f886016a22cb771df99c3616178"},{"introduced":"0"},{"last_affected":"4da01641ce50cf5a8b6f39717e4c447f89455dfa"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.2.4"},{"introduced":"8.0.0"},{"fixed":"8.2.4"},{"introduced":"0"},{"last_affected":"9.0.0-NA"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4076.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta10"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta11"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta12"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta13"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta14"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta15"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta16"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta17"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta18"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta19"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta20"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta3"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta4"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta5"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta6"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta7"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta8"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-beta9"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}