Количество 9
Количество 9
CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
CVE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper han ...
GHSA-p2ww-p57h-w5m7
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
BDU:2024-05133
Уязвимость программной платформы Node.js, связанная с ошибками при обработке входных данных, позволяющая нарушителю выполнять произвольные команды
SUSE-SU-2024:2542-1
Security update for nodejs18
SUSE-SU-2024:2496-1
Security update for nodejs18
SUSE-SU-2024:2574-1
Security update for nodejs20
SUSE-SU-2024:2543-1
Security update for nodejs20
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-36138 Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
 | CVE-2024-36138 Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
| CVE-2024-36138 Bypass incomplete fix of CVE-2024-27980, that arises from improper han ... | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
| GHSA-p2ww-p57h-w5m7 Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | CVSS3: 8.1 | 0% Низкий | 9 месяцев назад |
 | BDU:2024-05133 Уязвимость программной платформы Node.js, связанная с ошибками при обработке входных данных, позволяющая нарушителю выполнять произвольные команды | CVSS3: 9.8 | 0% Низкий | 12 месяцев назад |
 | SUSE-SU-2024:2542-1 Security update for nodejs18 | 11 месяцев назад | ||
| SUSE-SU-2024:2496-1 Security update for nodejs18 | 11 месяцев назад | ||
| SUSE-SU-2024:2574-1 Security update for nodejs20 | 11 месяцев назад | ||
| SUSE-SU-2024:2543-1 Security update for nodejs20 | 11 месяцев назад |
Уязвимостей на страницу