- Description
- Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
- Source
- support@hackerone.com
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-77
- Hype score
- Not currently trending
CVE-2024-27980 Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achi… https://t.co/a3i4fktP7S
@CVEnew
9 Jan 2025
186 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
KUSANAGI 9モジュール更新情報 - 超高速CMS実行環境 KUSANAGI https://t.co/lwDlsuIKsj nodejs18.20.4-1に対応しました。この更新には脆弱性(CVE-2024-36138, CVE-2024-27980, CVE-2024-22020)への対応が含まれます。 #KUSANAGI #WEXAL
@yoshihiro_oh
23 Oct 2024
113 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes