CVE-2024-36138

2024-09-0716:15:02

CWE-77

hackerone

web.nvd.nist.gov

1524

cve-2024-36138

improper handling

batch files

windows

code execution

child process

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

Percentile

9.5%

JSON

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

Affected configurations

Vulners

Vulnrichment

Node

nodejsnodeRange≤18.20.3

nodejsnodeRange≤20.15.0

nodejsnodeRange≤22.4.0

VendorProductVersionCPE
nodejsnode*cpe:2.3:a:nodejs:node:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nodejs	node	*	cpe:2.3:a:nodejs:node::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "vendor": "nodejs",
    "product": "node",
    "versions": [
      {
        "version": "18.20.3",
        "status": "affected",
        "lessThanOrEqual": "18.20.3",
        "versionType": "semver"
      },
      {
        "version": "20.15.0",
        "status": "affected",
        "lessThanOrEqual": "20.15.0",
        "versionType": "semver"
      },
      {
        "version": "22.4.0",
        "status": "affected",
        "lessThanOrEqual": "22.4.0",
        "versionType": "semver"
      }
    ]
  }
]