CVE-2023-49314

HIGH

Asana Desktop 2.1.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49314. PoCs published by louiselalanne.

AI-analyzed exploit summary: The repository documents CVE-2023-49314, a code injection vulnerability in Asana Desktop 2.1.0 on macOS due to inadequate Electron Fuses protections. It references the use of electroniz3r for exploitation and includes screenshots of the process but lacks functional exploit code.

Description

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

Exploits (1)

nomisec WRITEUP 6 stars
by louiselalanne · poc
https://github.com/louiselalanne/CVE-2023-49314

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Asana Desktop 2.1.0 on macOS
No auth needed
Prerequisites: Access to the target system · Asana Desktop 2.1.0 installed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0433
EPSS Percentile 89.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
asana/desktop 2.1.0
Published Nov 28, 2023
Tracked Since Feb 18, 2026