Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states “the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.”
[
{
"cpes": [
"cpe:2.3:a:notion:notion:-:*:*:*:*:*:*:*"
],
"vendor": "notion",
"product": "notion",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "3.1.0"
}
],
"defaultStatus": "unknown"
}
]