From 8a468a368bfb33617ef45a298b76da03ab344c06 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Fri, 12 Apr 2024 14:44:51 -0300 Subject: [PATCH] vuln: add latest sec release (#1278) --- vuln/core/141.json | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 vuln/core/141.json diff --git a/vuln/core/141.json b/vuln/core/141.json new file mode 100644 index 00000000..270d3de6 --- /dev/null +++ b/vuln/core/141.json @@ -0,0 +1,12 @@ +{ + "cve": [ + "CVE-2024-27982" + ], + "vulnerable": "18.x || 20.x || 21.x", + "patched": "^18.20.2 || ^20.12.2 || ^21.7.3", + "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2/", + "overview": "Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.", + "affectedEnvironments": [ + "win32" + ] +}