ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
References
| Link | Resource |
|---|---|
| https://clickup.com/security/disclosures | Vendor Advisory |
| https://clickup.com/terms/security-policy | Not Applicable |
| https://www.electronjs.org/blog/statement-run-as-node-cves | Not Applicable |
| https://www.electronjs.org/docs/latest/tutorial/fuses | Not Applicable |
| https://clickup.com/security/disclosures | Vendor Advisory |
| https://clickup.com/terms/security-policy | Not Applicable |
| https://www.electronjs.org/blog/statement-run-as-node-cves | Not Applicable |
| https://www.electronjs.org/docs/latest/tutorial/fuses | Not Applicable |
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2024-03-23 22:15
Updated : 2025-09-18 16:41
NVD link : CVE-2024-23755
Mitre link : CVE-2024-23755
CVE.ORG link : CVE-2024-23755
JSON object : View
Products Affected
microsoft
- windows
apple
- macos
clickup
- clickup
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')