Wind River Support Network

HomeDefectsLIN1023-4736
Fixed

LIN1023-4736 : Security Advisory - nodejs - CVE-2024-27980

Created: Apr 11, 2024    Updated: Apr 29, 2024
Resolved Date: Apr 28, 2024
Found In Version: 10.23.30.1
Fix Version: 10.23.30.10
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

nodejs: Command injection via args parameter of child_process.spawn without shell option enabled on Windows

https://github.com/nodejs/node/releases

CREATE(Triage):(User=admin) CVE-2024-27980 (https://nvd.nist.gov/vuln/detail/CVE-2024-27980)

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube