A vulnerability, which was classified as critical, has been found in Node.js up to 18.20.3/20.15.0/22.4.0 on Windows. Affected by this issue is the function
child_process.spawn/child_process.spawnSync
of the component Incomplete Fix CVE-2024-27980. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-36138. The attack may be launched remotely. There is no exploit available.