CVE-2024-27980

9 Ene 2025

Título es

CVE-2024-27980

Jue, 09/01/2025 – 01:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-27980

Descripción en

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

09/01/2025

Vector CVSS:3.1

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

8.10

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

http://www.openwall.com/lists/oss-security/2024/04/10/15

http://www.openwall.com/lists/oss-security/2024/07/11/6

http://www.openwall.com/lists/oss-security/2024/07/19/3

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MZN6PFXHTCCUENAKZXTGWPKUAHI6E2W/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUWBYDVCUSCX7YWTBX75LADMCVYFBGKU/

Enviar en el boletín

Off

CVE-2024-27980

CVE-2024-27980

Jose Alexis Correa Valencia