CVE-2024-3566

Summary

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Affected Software

VendorProductVersion RangeStatus
Node.jsNode.js* <= 21.7.2affected
Go Programming LanguageGoLang*affected
Haskell Programming LanguageHaskel*affected

Weaknesses

  • CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References