CVE-2024-23740

CRITICAL

Kap for macOS <3.6.0 - RCE

Title source: llm

Description

An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Exploits (1)

nomisec SUSPICIOUS

by giovannipajeu1 · poc

https://github.com/giovannipajeu1/CVE-2024-23740

View Code ZIP pw:eip

References (2)

[Various Sources] https://www.electronjs.org/blog/statement-run-as-node-cves

[Third Party Advisory] https://github.com/V3x0r/CVE-2024-23740

Scores

CVSS v3 9.8

EPSS 0.2325

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

getkap/kap < 3.6.0

Published Jan 28, 2024

Tracked Since Feb 18, 2026