Описание
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
EPSS
8.1 High
CVSS3
Дефекты
Связанные уязвимости
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Bypass incomplete fix of CVE-2024-27980, that arises from improper han ...
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Уязвимость программной платформы Node.js, связанная с ошибками при обработке входных данных, позволяющая нарушителю выполнять произвольные команды
EPSS
8.1 High
CVSS3