CVE-2023-7245

{"id": "CVE-2023-7245", "metrics": {}, "published": "2024-02-20T11:15:07.750", "references": [{"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/", "source": "security@openvpn.net"}, {"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/", "source": "security@openvpn.net"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@openvpn.net", "description": [{"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable\n"}, {"lang": "es", "value": "El framework nodejs en OpenVPN Connect 3.0 a 3.4.3 (Windows)/3.4.7 (macOS) no se configur\u00f3 correctamente, lo que permite a un usuario local ejecutar c\u00f3digo arbitrario dentro del contexto del proceso nodejs a trav\u00e9s de la variable de entorno ELECTRON_RUN_AS_NODE"}], "lastModified": "2024-02-20T19:50:53.960", "sourceIdentifier": "security@openvpn.net"}