A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. It affects the function child_process.spawn. Manipulation of the argument args leads to OS command injection.

This vulnerability is tracked as CVE-2024-27980. The attack requires access to the local network. There is no exploit available.

It is recommended to upgrade the affected component.