vuln: update core index.json (#1279)

Co-authored-by: Create or Update Pull Request Action <[email protected]>
nodejs · Apr 13, 2024 · c72d744 · c72d744
1 parent 8a468a3
commit c72d744
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/vuln/core/index.json b/vuln/core/index.json
@@ -1738,5 +1738,17 @@
     "affectedEnvironments": [
       "all"
     ]
+  },
+  "141": {
+    "cve": [
+      "CVE-2024-27982"
+    ],
+    "vulnerable": "18.x || 20.x || 21.x",
+    "patched": "^18.20.2 || ^20.12.2 || ^21.7.3",
+    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2/",
+    "overview": "Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.",
+    "affectedEnvironments": [
+      "win32"
+    ]
   }
 }