CVE-2024-22169

WD Discovery<br /> versions prior to 5.0.589 contain a misconfiguration in the Node.js environment<br /> settings that could allow code execution by utilizing the &amp;#39;ELECTRON_RUN_AS_NODE&amp;#39; environment variable.<br /> Any malicious application operating with standard user permissions can exploit<br /> this vulnerability, enabling code execution within WD Discovery application&amp;#39;s<br /> context. WD Discovery version 5.0.589 addresses this issue by disabling certain<br /> features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.