CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection

Inserito da Angelo Barbosa | Set 7, 2024 | CVE

A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.3/20.15.0/22.4.0 on Windows. Affected by this issue is the function child_process.spawn/child_process.spawnSync of the component Incomplete Fix CVE-2024-27980. The manipulation leads to command injection.

This vulnerability is handled as CVE-2024-36138. The attack may be launched remotely. There is no exploit available.

CVE-2024-36138 | Node.js up to 18.20.3/20.15.0/22.4.0 on Windows Incomplete Fix CVE-2024-27980 child_process.spawn/child_process.spawnSync command injection

Post correlati

CVE-2024-30111 | HCL DRYiCE AEX 10 missing immutable root of trust in hardware (KB0114193)

CVE-2024-46701 | Linux Kernel up to 6.10.6 libfs simple_dir_operations Privilege Escalation (308b4fc2403b/64a7ce76fb90)

CVE-2023-5432 | Jquery News Ticker Plugin up to 3.1 on WordPress Shortcode cross site scripting

CVE-2024-34820 | If So Plugin If-So Dynamic Content Personalization Plugin up to 1.7.1 on WordPress authorization