CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Inserito da Angelo Barbosa | Apr 10, 2024 | CVE

A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection.

This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

Post correlati

CVE-2024-32978 | Kaminari up to 0.16.1 default permission (GHSA-7r3j-qmr4-jfpj)

CVE-2024-26595 | Linux Kernel up to 6.6.13/6.7.1 mlxsw mlxsw_sp_acl_tcam_region_destroy null pointer dereference (817840d125a3/d0a1efe417c9/efeb7dfea8ee)

CVE-2024-8184 | Eclipse Jetty up to 9.4.55/10.0.23/11.0.23/12.0.8 Requests ThreadLimitHandler.getRemote resource consumption (ID 30)

CVE-2024-41157 | OpenHarmony up to 4.1.0 use after free