CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Inserito da Angelo Barbosa | Apr 10, 2024 | CVE

A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection.

This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Post correlati

CVE-2024-7357 | D-Link DIR-600 up to 2.18 /soap.cgi soapcgi_main service os command injection (SAP10408)

CVE-2024-6947 | Flute CMS 0.2.2.4-alpha Notification ContentParser.php replaceContent code injection

CVE-2024-34987 | PHPGurukul Online Fire Reporting System 1.2 ofrs/admin/index.php username sql injection

CVE-2024-47558 | Xerox FreeFlow Core up to 7.0.10 path traversal