How severe is CVE-2023-44402?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2023-44402?

This is classified as CWE-345, which is a common weakness in software security.

CVE-2023-44402 - HIGH Severity | CVSS 7

Vulnerability Description

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to macOS as these fuses are only currently supported on macOS. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `.app` bundle on macOS which these fuses are supposed to protect against. There are no app side workarounds, you must update to a patched version of Electron.

Related Vulnerabilities

CVE-2021-20271

HIGH

CVSS:7.0(High)

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature h...

CWE-3452021

CVE-2024-7979

HIGH

CVSS:7.0(High)

Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security se...

CWE-3452024

CVE-2021-20267

HIGH

CVSS:7.1(High)

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonat...

CWE-3452021

CVE-2023-47630

HIGH

CVSS:7.1(High)

Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker t...

CWE-3452023

CVE-2024-43428

HIGH

CVSS:7.1(High)

To address a cache poisoning risk in Moodle, additional validation for local storage was required.

CWE-3452024

CVE-2025-24807

MEDIUM

CVSS:7.1(High)

eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per d...

CWE-3452025