GHSA-6vrv-94jv-crrg

GitHub Security Advisory

Context isolation bypass via Promise in Electron

✓ GitHub Reviewed LOW Has CVE

Advisory Details

### Impact
Apps using `contextIsolation` are affected.

This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions.

### Workarounds
There are no app-side workarounds; you must update your Electron version to be protected.

### Fixed Versions
* `9.0.0-beta.21`
* `8.2.4`
* `7.2.4`
* `6.1.11`

### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])

Affected Packages

npm electron
Affected versions: 0 (fixed in 6.1.11)
npm electron
Affected versions: 7.0.0 (fixed in 7.2.4)
npm electron
Affected versions: 8.0.0 (fixed in 8.2.4)

Key Information

GHSA ID: GHSA-6vrv-94jv-crrg
Published: July 7, 2020 12:01 AM
Last Modified: January 7, 2021 11:48 PM
CVSS Score: 2.5 / 10
Primary Ecosystem: npm
Primary Package: electron
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 13, 2025 6:03 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.