Published: 28/11/2023 Updated: 16/02/2024

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
asana desktop 2.1.0

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and enableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

CVE-2023-49314 Asana Desktop 210 on macOS allows code injection because of specific Electron Fuses There is inadequate protection against code injection through settings such as RunAsNode and enableNodeCliInspectArguments, and thus electroniz3r can be used to perform an attack There is a tool designed to automate the process of searching for vulnerabilities in electron: h

CVE-2023-50643

CVE-2023-50643 CVE-2023-50643 An issue in Evernote for MacOS v10682 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components There is a tool designed to automate the process of searching for vulnerabilities in electron: githubcom/r3ggi/electroniz3r With this tool, we can check if the App is Vulnerable: Afte

CWE-94 https://asana.com/pt/download https://github.com/r3ggi/electroniz3r https://www.electronjs.org/docs/latest/tutorial/fuses https://github.com/louiselalanne/CVE-2023-49314 https://github.com/electron/fuses https://www.electronjs.org/blog/statement-run-as-node-cves https://nvd.nist.gov https://github.com/louiselalanne/CVE-2023-49314

CVE-2023-49314

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect