CVE-2024-3566
published 2024-04-10CVE-2024-3566: A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nodejs | — | — |
| go_programming_language | golang | — | — |
| haskell | process_library | < 1.6.19.0 | 1.6.19.0 |
| haskell_programming_language | haskel | — | — |
| node.js | node.js | * – 21.7.2 | — |
| nodejs | node.js | < 18.20.2 | 18.20.2 |
| nodejs | node.js | >= 19.0.0 < 20.12.2 | 20.12.2 |
| nodejs | node.js | >= 21.0.0 < 21.7.3 | 21.7.3 |
| php | php | < 8.1.28 | 8.1.28 |
| php | php | >= 8.2.0 < 8.2.18 | 8.2.18 |
| php | php | >= 8.3.0 < 8.3.6 | 8.3.6 |
| rust-lang | rust | < 1.77.2 | 1.77.2 |
| symfony | process | >= 1.0.0.0 < 1.6.23.0 | 1.6.23.0 |
| yt-dlp_project | yt-dlp | >= 2021.04.11 < 2024.04.09 | 2024.04.09 |