Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable
CVSS Information
N/A
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
OpenVPN Connect 安全漏洞
Vulnerability Description
OpenVPN Connect是美国OpenVPN公司的一款VPN(虚拟私人网络)客户端应用程序。 OpenVPN Connect 存在安全漏洞,该漏洞源于允许本地攻击者通过ELECTRON_RUN_AS_NODE环境变量在nodejs进程上下文中执行任意代码。受影响的产品和版本:OpenVPN Connec 3.0至3.4.3版本(Windows),3.0至3.4.7版本(macOS)。
CVSS Information
N/A
Vulnerability Type
N/A