Search criteria
2 vulnerabilities found for GoLang by Go Programming Language
CVE-2024-3566 (GCVE-0-2024-3566)
Vulnerability from nvd – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
VLAI
Title
Command injection vulnerability in programing languages on Microsoft Windows operating system.
Summary
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Severity
9.8 (Critical)
CWE
Assigner
References
7 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Node.js | Node.js |
Affected:
* , ≤ 21.7.2
(custom)
|
|
| Go Programming Language | GoLang |
Affected:
*
|
|
| Haskell Programming Language | Haskel |
Affected:
*
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-18T17:35:41.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"tags": [
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nodejs",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "process_library",
"vendor": "haskell",
"versions": [
{
"lessThan": "1.6.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rust",
"vendor": "rust-lang",
"versions": [
{
"lessThan": "1.77.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thephpgroup",
"vendor": "thephpgroup",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yt-dlp",
"vendor": "yt-dlp_project",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T16:13:02.290928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:25:43.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Node.js",
"vendor": "Node.js",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "GoLang",
"vendor": "Go Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Haskel",
"vendor": "Haskell Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T15:26:52.009Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3566",
"datePublished": "2024-04-10T15:22:56.099Z",
"dateReserved": "2024-04-10T04:58:27.982Z",
"dateUpdated": "2025-11-18T17:35:41.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3566 (GCVE-0-2024-3566)
Vulnerability from cvelistv5 – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
VLAI
Title
Command injection vulnerability in programing languages on Microsoft Windows operating system.
Summary
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Severity
9.8 (Critical)
CWE
Assigner
References
7 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Node.js | Node.js |
Affected:
* , ≤ 21.7.2
(custom)
|
|
| Go Programming Language | GoLang |
Affected:
*
|
|
| Haskell Programming Language | Haskel |
Affected:
*
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-18T17:35:41.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"tags": [
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nodejs",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "process_library",
"vendor": "haskell",
"versions": [
{
"lessThan": "1.6.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rust",
"vendor": "rust-lang",
"versions": [
{
"lessThan": "1.77.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thephpgroup",
"vendor": "thephpgroup",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yt-dlp",
"vendor": "yt-dlp_project",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T16:13:02.290928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:25:43.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Node.js",
"vendor": "Node.js",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "GoLang",
"vendor": "Go Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Haskel",
"vendor": "Haskell Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T15:26:52.009Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3566",
"datePublished": "2024-04-10T15:22:56.099Z",
"dateReserved": "2024-04-10T04:58:27.982Z",
"dateUpdated": "2025-11-18T17:35:41.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}