CVE-2024-23742

Published: Jan 28, 2024Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.

Affected (1)

Products: Loom: Loom

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Loom Loom	Up to 0.196.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://github.com/V3x0r/CVE-2024-23742

Source: cve@mitre.org

Third Party Advisory

https://www.electronjs.org/blog/statement-run-as-node-cves

Source: cve@mitre.org

https://github.com/V3x0r/CVE-2024-23742

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.electronjs.org/blog/statement-run-as-node-cves

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.