Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-7245

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via the ELECTRON_RUN_AS_NODE environment variable

  • Published: Feb 20, 2024
  • Updated: Feb 21, 2024
  • CVE: CVE-2023-7245
  • Exploit:

No technical information available.

No CWE or OWASP classifications available.

Software From Fixed in
openvpn / connect 3.2.0 3.4.8
openvpn / connect 3.2.0 3.4.4
openvpn / connect 3.0.0-beta 3.0.0-beta.x
openvpn / connect 3.0.1-beta 3.0.1-beta.x
openvpn / connect 3.0.2-beta 3.0.2-beta.x
openvpn / connect 3.1.0-beta 3.1.0-beta.x
openvpn / connect 3.1.1-beta 3.1.1-beta.x
openvpn / connect 3.1.2-beta 3.1.2-beta.x
openvpn / connect 3.1.3-beta 3.1.3-beta.x