CVE-2023-49314

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

EUVD-2022-31426

Malicious code in bioql PyPI...

CVE-2022-26877

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page...

CVE-2023-49314

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

CVE-2023-49314

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

Asana Desktop Security Vulnerability

Asana Desktop is a desktop body application. A security vulnerability exists in Asana Desktop version 2.1.0, which stems from insufficient protection against code injection via RunAsNode, EnableNodeCliInspectArguments, and other settings, and can be exploited via r3ggi/ electroniz3r...

PT-2023-31164 · Asana · Asana Desktop

Name of the Vulnerable Software and Affected Versions: Asana Desktop version 2.1.0 Description: The issue allows code injection due to specific Electron Fuses, with inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments. This can be...

CVE-2023-49314

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

CVE-2022-26877

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page...

CVE-2022-26877

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page...

CVE-2022-26877

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page...

Code injection

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page...

CVE-2022-26877

Asana Desktop vulnerable before 1.6.0: if users load a malicious web page, the app can exfiltrate local files. Root cause: loading an adversarial page triggers data leakage. Affected product/version: Asana Desktop prior to 1.6.0. Impact: potential unauthorized local file access. Remediation: upda...

Asana Desktop 安全漏洞

Asana Desktop is a desktop body application. A security vulnerability exists in Asana Desktop versions prior to 1.6.0 that originates when the Asana Desktop application loads a malicious web page. A remote attacker could exploit the vulnerability to filter local files...