vuln: add latest sec release (#1278)

nodejs · Apr 12, 2024 · 8a468a3 · 8a468a3
1 parent 96ad6cc
commit 8a468a3
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/vuln/core/141.json b/vuln/core/141.json
@@ -0,0 +1,12 @@
+{
+    "cve": [
+        "CVE-2024-27982"
+    ],
+    "vulnerable": "18.x || 20.x || 21.x",
+    "patched": "^18.20.2 || ^20.12.2 || ^21.7.3",
+    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2/",
+    "overview": "Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.",
+    "affectedEnvironments": [
+        "win32"
+    ]
+}