CVE-2023-31874 – Yank Note v3.52.1 (Electron) - Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2023-31874

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). Yank Note (YN) 3.52.1 permite la ejecución de código arbitrario cuando se abre un archivo manipulado, por ejemplo: "via nodeRequire('child_process')". Yank Note version 3.52.1 suffers from an arbitrary code execution vulnerability. • https://www.exploit-db.com/exploits/51470 http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html • CWE-732: Incorrect Permission Assignment for Critical Resource •