CVE-2024-23743
An issue in Notion for MacOS v.3.1.0 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components
There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r
With this tool, we can check if the App is Vulnerable:
After validation, we can inject our code, and get a shell
And Now, Enjoy your Shell: