CVE-2024-27980 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands an…
High CVSS: 8.1

CVE-2024-27980

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Vendor
-
Product
-
CWE
CWE-77
Yayın Tarihi
2025-01-09 01:15:08
Güncelleme
2025-01-09 22:15:27
Source Identifier
support@hackerone.com
KEV Date Added
-

Kategoriler

CWE-77 HIGH 2025

Referanslar

http://www.openwall.com/lists/oss-security/2024/04/10/15 http://www.openwall.com/lists/oss-security/2024/07/11/6 http://www.openwall.com/lists/oss-security/2024/07/19/3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/