Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-23743

Published: 28/01/2024 Updated: 17/05/2024
CVSS v3 Base Score: 3.3 | Impact Score: 1.4 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Notion

Vulnerability Summary

Notion up to and including 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."

Vulnerable Product Search on Vulmon Subscribe to Product

notion notion

Github Repositories

https://github.com/V3x0r/CVE-2024-23743

CVE-2024-23743 CVE-2024-23743 An issue in Notion for MacOS v310 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components There is a tool designed to automate the process of searching for vulnerabilities in electron: githubcom/r3ggi/electroniz3r With this tool, we can check if the App is Vulnerable: After va

References

NVD-CWE-noinfohttps://github.com/V3x0r/CVE-2024-23743https://www.electronjs.org/blog/statement-run-as-node-cveshttps://github.com/r3ggi/electroniz3rhttps://nvd.nist.govhttps://github.com/V3x0r/CVE-2024-23743
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook