LOW 3.3
CVE-2024-23743
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
CVSS v3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| notion | notion | Android | ≤3.1.0 | cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:* |
| notion | notion | iOS | ≤3.1.0 | cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:* |
| notion | notion | Android | ≤3.1.0 | cpe:2.3:a:notion:notion:*:*:*:*:*:*:*:* |