CVE-2023-49314

Published
View on NVD ↗
CVSS v3
7.8
HIGH
CVSS v2
N/A
Affected
3
PROJECTS

Description

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

r3ggi/electroniz3r
r3ggi/electroniz3r
Take over macOS Electron apps' TCC permissions
GitHubGitHub
223
louiselalanne/CVE-2023-49314
louiselalanne/CVE-2023-49314
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and enableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.
GitHubGitHub
6
electron/fuses
electron/fuses
GitHubGitHub
54