A vulnerability has been found in OpenVPN Connect and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Node.js Framework. The manipulation of the argument ELECTRON_RUN_AS_NODE leads to improper neutralization of directives in dynamically evaluated code (‘eval injection’).
This vulnerability is known as CVE-2023-7245. Attacking locally is a requirement. There is no exploit available.