CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-23745
https://notcve.org/view.php?id=CVE-2024-23745
31 Jan 2024 — In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and canno... • https://github.com/louiselalanne/CVE-2024-23745 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 2CVE-2024-23743
https://notcve.org/view.php?id=CVE-2024-23743
28 Jan 2024 — Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment." Un problema en Notion para macOS versión 3.1.0 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de los componentes RunAsNode y enableNodeClilnspectArguments. • https://github.com/giovannipajeu1/CVE-2024-23743 • CWE-250: Execution with Unnecessary Privileges •