CVE-2024-23741

CRITICAL

Vercel Hyper < 3.4.1 - Code Injection

Title source: rule

Description

An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.

Exploits (1)

nomisec WRITEUP

by giovannipajeu1 · poc

https://github.com/giovannipajeu1/CVE-2024-23741

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://github.com/V3x0r/CVE-2024-23741

[Third Party Advisory] https://www.electronjs.org/blog/statement-run-as-node-cves

Scores

CVSS v3 9.8

EPSS 0.2417

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

vercel/hyper < 3.4.1

Published Jan 28, 2024

Tracked Since Feb 18, 2026