A vulnerability classified as critical has been found in Node.js up to 21.7.2 on Windows. Affected is the function
CreateProcess
. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2024-3566. The attack needs to be approached within the local network. There is no exploit available.