Published: 31/01/2024 Updated: 17/05/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.

Vulnerable Product	Search on Vulmon	Subscribe to Product
notion web clipper 1.0.3\\(7\\)

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack.

CVE-2024-23745 In Notion Web Clipper 103(7), a nib file is susceptible to the Dirty NIB attack NIB files can be manipulated to execute arbitrary commands Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context Impact

CWE-77 https://github.com/louiselalanne/CVE-2024-23745 https://blog.xpnsec.com/dirtynib/https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model https://nvd.nist.gov https://github.com/louiselalanne/CVE-2024-23745

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-23745

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect