In Node.js versions up to 21.7.2, a command injection vulnerability, CVE-2024-3566, was detected. It lets an attacker run commands on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied. No fix is available for this issue at the moment. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-3566/.
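With no fix available, one mitigation is to screen child-process calls in the application before they reach CreateProcess. The following is an added example, not code from the advisory or the Node.js project; it assumes the affected case is a `.bat`/`.cmd` target, which Windows runs through cmd.exe, and the names `checkSpawn`, `guardedSpawn` and the argument allowlist are hypothetical.

```javascript
// Added example, not Node.js project code.
// Assumption: the script types that Windows hands to cmd.exe.
const BATCH_EXTENSIONS = new Set(['.bat', '.cmd']);

// Conservative allowlist for arguments passed to a batch script: letters,
// digits and a few option/path characters. Quotes, spaces, %, ^, &, | and
// redirection characters are all rejected.
const SAFE_ARG = /^[A-Za-z0-9_.,:=\/\\+-]+$/;

// Return the lower-cased extension of a Windows command path ('' if none).
function windowsExtension(command) {
  // Windows ignores trailing dots and spaces in file names, so strip them
  // before looking at the extension.
  const trimmed = String(command).replace(/[. ]+$/, '');
  const base = trimmed.split(/[\\/]/).pop();
  const dot = base.lastIndexOf('.');
  return dot === -1 ? '' : base.slice(dot).toLowerCase();
}

// Decide whether a (command, args) pair may be spawned.
function checkSpawn(command, args = []) {
  const ext = windowsExtension(command);
  if (!BATCH_EXTENSIONS.has(ext)) {
    return { allowed: true, reason: 'target is not a batch script' };
  }
  const allSafe = args.every((a) => typeof a === 'string' && SAFE_ARG.test(a));
  if (!allSafe) {
    return { allowed: false, reason: `unsafe argument for ${ext} target` };
  }
  return { allowed: true, reason: 'batch script with allowlisted arguments' };
}

// Wrapper to use in place of child_process.spawn for untrusted arguments.
function guardedSpawn(command, args = [], options = {}) {
  const verdict = checkSpawn(command, args);
  if (!verdict.allowed) {
    throw new Error(`spawn refused: ${verdict.reason}`);
  }
  // Loaded here so checkSpawn can be used on its own.
  const { spawn } = require('node:child_process');
  // Never let the caller switch on shell mode for this call.
  return spawn(command, args, { ...options, shell: false });
}
```

The allowlist is deliberately narrow; widen it only for characters the specific script is known to need.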
Node.js: Command Injection Vulnerability in Windows Applications
by the Hossted team
03.06.2024