CVEs-PoC/2020/CVE-2020-4077.md

### [CVE-2020-4077](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4077)
![](https://img.shields.io/static/v1?label=Product&message=electron&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-501%20Trust%20Boundary%20Violation&color=brighgreen)

### Description

In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon