CVE-2024-52011

N/A Unknown
Published: June 01, 2026 Modified: June 02, 2026
View on NVD

Description

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
Source: security-advisories@github.com
https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.5%
41th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-77

Related CVEs

CVE-2026-9699 6.8
CVE-2026-57667 8.5
CVE-2026-57665 5.3
CVE-2026-57664 4.3
CVE-2026-57663 8.5