Command Injection Vulnerability Affects Windows Applications
CVE-2024-3566

Currently unrated

Key Information:

Vendor: Node.js
Status: Node.js; Golang; Haskel
Vendor: CVE Published:; 10 April 2024

What is CVE-2024-3566?

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Affected Version(s)

GoLang Windows *

Haskel Windows *

Node.js Windows * <= 21.7.2

References

https://flatt.tech/research/posts/batbadbut-you-cant-secu...

https://learn.microsoft.com/en-us/archive/blogs/twistylit...

https://kb.cert.org/vuls/id/123335

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2024
Vulnerability Reserved
Apr 10, 2024