CVE-2024-23347

Summary

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.

Affected Software

VendorProductVersion RangeStatus
Meta Platforms, IncMeta Spark Studio0 < 176affected

Weaknesses

  • CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References