Lucene search
Veracode Vulnerability DatabaseVERACODE:25822HistoryJul 08, 2020 - 3:06 a.m.
Authorization Bypass
2020-07-0803:06:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.001
Percentile
42.8%
electron is vulnerable to authorization bypass. The vulnerability exists as it was possible to bypass a context isolation through contextBridge, causing code in main world context to reach the isolated context with higher privileges.
References
github.com/advisories/GHSA-h9jc-284h-533g
github.com/electron/electron/commit/b8e347709245d2dc5640fbb3044d9b21b4eaa6b0
github.com/electron/electron/commit/c87b474496c35580ebbeab13f9c8c982b4eab4d3
github.com/electron/electron/security/advisories/GHSA-h9jc-284h-533g
www.electronjs.org/releases/stable?page=3#release-notes-for-v824
Related
osv
osv
CVE-2020-4077
2020-07-07 00:15:10
Context isolation bypass via contextBridge in Electron
2020-07-07 00:01:10
prion
prion
Design/Logic Flaw
2020-07-07 00:15:00
cve
cve
CVE-2020-4077
2020-07-07 00:15:10
github
github
Context isolation bypass via contextBridge in Electron
2020-07-07 00:01:10
cvelist
cvelist
CVE-2020-4077 Context isolation bypass via contextBridge in Electron
2020-07-07 00:05:16
nvd
nvd
CVE-2020-4077
2020-07-07 00:15:10