giovannipajeu1 / CVE-2024-23738

CVE-2024-23738


An issue in Postman through 10.22 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.

There is a tool designed to automate the search for vulnerabilities in Electron apps: https://github.com/r3ggi/electroniz3r

With this tool, we can check whether the app is vulnerable.
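The two settings named in the advisory are Electron fuses, stored as a short byte string inside the application binary, so their state can also be audited statically. The script below is an added example, not code from this repository or from electroniz3r; the sentinel string, state bytes and fuse order are those of Electron's fuse format (wire version 1), and the sample image is constructed.

```javascript
// Added example: audit the Electron fuses behind CVE-2024-23738 in a binary image.
// Sentinel, state bytes and fuse order follow Electron's fuse format (wire version 1).
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'latin1');
const FUSE_NAMES = [
  'RunAsNode', 'EnableCookieEncryption', 'EnableNodeOptionsEnvironmentVariable',
  'EnableNodeCliInspectArguments', 'EnableEmbeddedAsarIntegrityValidation',
  'OnlyLoadAppFromAsar', 'LoadBrowserProcessSpecificV8Snapshot',
  'GrantFileProtocolExtraPrivileges',
];
const STATES = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed', 0x90: 'inherit' };
const RISKY = ['RunAsNode', 'EnableNodeCliInspectArguments'];

// Return the fuse wire found after every occurrence of the sentinel.
function readFuseWires(image) {
  const wires = [];
  for (let pos = image.indexOf(SENTINEL); pos !== -1;) {
    const start = pos + SENTINEL.length;           // version byte, then length byte
    const version = image[start];
    const end = start + 2 + (image[start + 1] ?? 0);
    if (version === 1 && end <= image.length) {    // skip truncated or unknown wires
      const fuses = {};
      image.subarray(start + 2, end).forEach((b, i) => {
        fuses[FUSE_NAMES[i] ?? `fuse${i}`] = STATES[b] ?? 'unknown';
      });
      wires.push({ offset: pos, fuses });
    }
    pos = image.indexOf(SENTINEL, start);
  }
  return wires;
}

// For each wire, list which of the two fuses named in the advisory are enabled.
function audit(image) {
  return readFuseWires(image).map(({ offset, fuses }) => ({
    offset,
    enabled: RISKY.filter((name) => fuses[name] === 'enabled'),
  }));
}

// Constructed sample: padding + sentinel + version 1 + length + one state byte per fuse.
function sampleImage(states) {
  return Buffer.concat([
    Buffer.from('padding'), SENTINEL,
    Buffer.from([1, states.length]), Buffer.from(states, 'latin1'),
  ]);
}

// Usage: node audit-fuses.js <path-to-binary>; without a path the sample is audited.
if (process.argv[2]) {
  import('node:fs').then((fs) => console.log(audit(fs.readFileSync(process.argv[2]))))
    .catch((err) => console.error(err.message));
} else {
  console.log(audit(sampleImage('1001')));
}
```

An empty `enabled` list for every wire means both fuses are off in that binary; an empty result overall means no version 1 fuse wire was found in the file.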

After validation, we can inject our code and get a shell.

Enjoy Your Shell :)
