CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection

A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection. This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.