Vitejs Launch-Editor vulnerabilities
2 known vulnerabilities affecting vitejs/launch-editor.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-52011P3HIGHCVSS 8.3fixed in 2.9.02026-06-01
CVE-2024-52011 [HIGH] CWE-77 CVE-2024-52011: launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` vers
ghsanvd
CVE-2026-53632P3MEDIUMCVSS 5.5fixed in 2.14.12026-06-22
CVE-2026-53632 [MEDIUM] CWE-73 CVE-2026-53632: launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1,
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-con
nvd