PT-2024-20051 · Notion · Notion

R3Ggi

Published

2024-01-27

Updated

2024-09-25

CVE-2024-23743

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Notion versions prior to 3.1.0

Description The issue might allow code execution because of RunAsNode and enableNodeClilnspectArguments. The vendor states that the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.

Recommendations For Notion versions prior to 3.1.0, consider disabling the RunAsNode and enableNodeClilnspectArguments components as a temporary workaround until a patch is available. Restrict access to the Notion Desktop application to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250

Related Identifiers

CVE-2024-23743

Affected Products

Notion

PT-2024-20051 · Notion · Notion

CVE-2024-23743

Weakness Enumeration

Related Identifiers

Affected Products

References · 12