Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
Published: 2024-09-07
CVSS: 8.1
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2024-36138 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-550-cve-2025-5914/
https://augustaverburg.nl/exploit-157-cve-2025-68615/
https://augustaverburg.nl/exploit-431-cve-2023-48365/
https://augustaverburg.nl/exploit-745-cve-2022-44702/