CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Inserito da Angelo Barbosa | Apr 10, 2024 | CVE

A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection.

This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Post correlati

CVE-2024-1631 | Internet Computer agent-js 1.0.0 hard-coded key (GHSA-c9vv-fhgv-cjc3)

CVE-2024-20119 | MediaTek MT8676 Mms write-what-where condition (MSV-1620 / ALPS09062301)

CVE-2024-1176 | HT Easy GA4 Plugin up to 1.1.5 on WordPress Email Update authorization

CVE-2025-20980 | Samsung libsavscmn out-of-bounds write