CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection

Inserito da Angelo Barbosa | Set 7, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.3/20.15.0/22.4.0 on Windows. Affected by this issue is the function child_process.spawn/child_process.spawnSync of the component Incomplete Fix CVE-2024-27980. The manipulation leads to command injection.

This vulnerability is handled as CVE-2024-36138. The attack may be launched remotely. There is no exploit available.

CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection

Post correlati

CVE-2023-46388 | LOYTEC LINX-151/LINX-212 SMTP Client dpal_config.wbx credentials storage

CVE-2024-27528 | wasm3 139076a memory corruption (Issue 463)

CVE-2023-5432 | Jquery News Ticker Plugin up to 3.1 on WordPress Shortcode cross site scripting

CVE-2024-7526 | Mozilla Firefox up to 128 ANGLE uninitialized pointer