{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T23:58:59.597","vulnerabilities":[{"cve":{"id":"CVE-2020-4076","sourceIdentifier":"security-advisories@github.com","published":"2020-07-07T00:15:10.590","lastModified":"2024-11-21T05:32:15.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4."},{"lang":"es","value":"En Electron antes de las versiones 7.2.4, 8.2.4 y 9.0.0-beta21, se presenta una omisión de aislamiento de contexto. El código que se ejecuta en el contexto mundial principal en el renderizador puede alcanzar el contexto Electron aislado y llevar a cabo acciones privilegiadas. Las aplicaciones que usan contextIsolation están afectadas. Esto es corregido en las versiones 9.0.0-beta.21, 8.2.4 y 7.2.4"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-501"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.2.4","matchCriteriaId":"B52CBB9A-2E1B-4ED7-8DAD-33B5CD063D45"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.2.4","matchCriteriaId":"31A476AD-CF63-41DE-8B71-7CB8CB828BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:-:*:*:*:*:*:*","matchCriteriaId":"87556FB9-4AEC-4C3A-8DF6-4480728C8605"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"FB793B7F-1C9D-445D-A849-CB28577CA760"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta10:*:*:*:*:*:*","matchCriteriaId":"0C340AA9-8D81-4927-9447-DFCF0DD385AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta11:*:*:*:*:*:*","matchCriteriaId":"D8DF366B-644E-4C43-9DF1-37F1ADD36532"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta12:*:*:*:*:*:*","matchCriteriaId":"BAC64CED-4F36-4667-B909-4265DDEBDA3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta13:*:*:*:*:*:*","matchCriteriaId":"17574861-A808-406A-9B0D-403AD99EA160"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta14:*:*:*:*:*:*","matchCriteriaId":"79CB734A-05B3-4388-BD8F-ECD3FD699D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta15:*:*:*:*:*:*","matchCriteriaId":"7E0E7E72-B138-4E09-BEE0-219643377314"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta16:*:*:*:*:*:*","matchCriteriaId":"B19F82AA-3660-4AC5-920E-7E36534ADF36"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta17:*:*:*:*:*:*","matchCriteriaId":"29850E51-1EB9-4E9E-9AAC-ACAC12CDCAB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta18:*:*:*:*:*:*","matchCriteriaId":"84544C05-24A7-4CDE-B6E1-EC05B6CD9836"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta19:*:*:*:*:*:*","matchCriteriaId":"A8AF3443-F01C-407F-BEE2-A8E601A09211"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"F962D5DC-C4EE-42C0-9BA8-C17B5ADAE178"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta20:*:*:*:*:*:*","matchCriteriaId":"EB7A193D-7B1F-45F0-B385-DE8C75D7088D"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"4BFFB27D-B11F-4F5B-8624-27042F8A664A"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"AF67CE0D-79D8-4CCC-8152-6989D681B618"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"965FE481-DC51-4123-B47A-4825E7231B33"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta6:*:*:*:*:*:*","matchCriteriaId":"AAC42DF7-3344-4C5C-B01A-B24F7C7FA47A"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta7:*:*:*:*:*:*","matchCriteriaId":"5CA4015A-6D70-490E-AEFD-1C64F582F9DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta8:*:*:*:*:*:*","matchCriteriaId":"72B0EAB3-F11C-42B3-8F4A-3D4B652A2740"},{"vulnerable":true,"criteria":"cpe:2.3:a:electronjs:electron:9.0.0:beta9:*:*:*:*:*:*","matchCriteriaId":"F2F409DE-D2A1-49A6-AA57-D735F4B07D29"}]}]}],"references":[{"url":"https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824","source":"security-advisories@github.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/electron/electron/security/advisories/GHSA-m93v-9qjc-3g79","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.electronjs.org/releases/stable?page=3#release-notes-for-v824","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}