A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
[
{
"vendor": "Node.js",
"product": "Node.js",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*",
"lessThanOrEqual": "21.7.2",
"versionType": "custom"
}
]
},
{
"vendor": "Go Programming Language",
"product": "GoLang",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"vendor": "Haskell Programming Language",
"product": "Haskel",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
]
flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
kb.cert.org/vuls/id/123335
learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way
www.cve.org/CVERecord?id=CVE-2024-1874
www.cve.org/CVERecord?id=CVE-2024-22423
www.cve.org/CVERecord?id=CVE-2024-24576
www.kb.cert.org/vuls/id/123335