Описание
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Ссылки
EPSS
8.1 High
CVSS3
Дефекты
Связанные уязвимости
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Due to the improper handling of batch files in child_process.spawn / c ...
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Уязвимость функций child_process.spawn() и child_process.spawnSync() программной платформы Node.js операционных систем Windows, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольные команды
EPSS
8.1 High
CVSS3