27 matches found
CVE-2026-53632
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...
CVE-2026-53632 NTLMv2 hash disclosure via UNC path handling on Windows
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the...
CVE-2026-53632
CVE-2026-53632 affects the npm package launch-editor . Before version 2.14.1, it can open arbitrary paths including Windows UNC paths; when a UNC path is opened Windows triggers NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled ...
External Control of File Name or Path
Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a...
GHSA-V6WH-96G9-6WX3 launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
Summary The launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled SMB server. This can result ...
External Control of File Name or Path
Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a malicious SMB server...
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm launch-editor versions = 2.14.0...
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...
PT-2026-49575
Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.14.1 Description The launch-editor NPM package allows the access of arbitrary paths, including Windows UNC Universal Naming Convention paths. On Windows systems, accessing a UNC path triggers an automatic NTLM...
launch-editor vulnerable to command injection via the crafted request on Windows
Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...
org.webjars.npm:launch-editor-middleware (=2.2.1) potentially affected by CVE-2024-52011 via org.webjars.npm:launch-editor (=2.2.1)
org.webjars.npm:launch-editor MAVEN version =2.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:launch-editor and may be impacted: - org.webjars.npm:launch-editor-middleware =2.2.1 Source cves: CVE-2024-52011 Source advisory:...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +25718 more potentially affected by CVE-2024-52011 via launch-editor (>=2.10.0 <=2.8.2)
launch-editor NPM version =2.10.0, =0.1.0, =1.0.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and...
EUVD-2024-55605
launch-editor vulnerable to command injection via the crafted request on Windows...
Arbitrary Command Injection
Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted filename as the...
GHSA-C27G-Q93R-2CWF launch-editor vulnerable to command injection via the crafted request on Windows
Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...
Arbitrary Command Injection
Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted...
SUSE CVE-2024-52011
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
PT-2026-46090
Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...
CVE-2024-52011
A flaw was found in launch-editor, a tool that allows users to open files with line numbers in an editor from Node.js. Due to insufficient sanitization of the file argument in the launchEditor function, an attacker can execute arbitrary commands on Windows systems by supplying a filename that...