CVE-2024-23755 Information

Description

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.

Reference

https://www.electronjs.org/docs/latest/tutorial/fuses https://clickup.com/terms/security-policy https://www.electronjs.org/blog/statement-run-as-node-cves https://clickup.com/security/disclosures