Asana

asana

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Desktop

desktop

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49314 1Asana 1Desktop Jun 17, 2026 Nov 28, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus...Show more Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.Show less
CVE-2022-26877 1Asana 1Desktop Jun 17, 2026 Apr 9, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2023-49314

1Asana

1Desktop

Jun 17, 2026

Nov 28, 2023

N/A· v4

7.8 HIGH· v3

N/A· v2

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus...Show more

CVE-2022-26877

1Asana

1Desktop

Jun 17, 2026

Apr 9, 2022

N/A· v4

6.5 MEDIUM· v3

4.3 MEDIUM· v2

Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page.