Description

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

INFO

Published Date :

2025-01-09T00:33:47.722Z

Last Modified :

2025-04-30T22:25:25.133Z

Source :

hackerone
AFFECTED PRODUCTS

The following products are affected by CVE-2024-27980 vulnerability.

No data.

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact