Search
Find a vulnerability
Search criteria
2 vulnerabilities found for GoLang by Go Programming Language
CVE-2024-3566 (GCVE-0-2024-3566)
Vulnerability from nvd – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
VLAI
EPSS
VEX
Title
Command injection vulnerability in programing languages on Microsoft Windows operating system.
Summary
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
8 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Node.js | Node.js |
Affected:
* , ≤ 21.7.2
(custom)
|
|
| Go Programming Language | GoLang |
Affected:
*
|
|
| Haskell Programming Language | Haskel |
Affected:
*
|
|
| nodejs | nodejs |
Affected:
0 , ≤ 21.7.2
(custom)
cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:* |
|
| haskell | process_library |
Affected:
0 , < 1.6.19.0
(custom)
cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:* |
|
| rust-lang | rust |
Affected:
0 , < 1.77.2
(custom)
cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* |
|
| thephpgroup | thephpgroup |
Affected:
0 , < *
(custom)
cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:* |
|
| yt-dlp_project | yt-dlp |
Affected:
0 , < *
(custom)
cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-18T17:35:41.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"tags": [
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nodejs",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "process_library",
"vendor": "haskell",
"versions": [
{
"lessThan": "1.6.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rust",
"vendor": "rust-lang",
"versions": [
{
"lessThan": "1.77.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thephpgroup",
"vendor": "thephpgroup",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yt-dlp",
"vendor": "yt-dlp_project",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T16:13:02.290928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:25:43.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Node.js",
"vendor": "Node.js",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "GoLang",
"vendor": "Go Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Haskel",
"vendor": "Haskell Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T15:26:52.009Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3566",
"datePublished": "2024-04-10T15:22:56.099Z",
"dateReserved": "2024-04-10T04:58:27.982Z",
"dateUpdated": "2025-11-18T17:35:41.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3566 (GCVE-0-2024-3566)
Vulnerability from cvelistv5 – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
VLAI
EPSS
VEX
Title
Command injection vulnerability in programing languages on Microsoft Windows operating system.
Summary
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
8 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Node.js | Node.js |
Affected:
* , ≤ 21.7.2
(custom)
|
|
| Go Programming Language | GoLang |
Affected:
*
|
|
| Haskell Programming Language | Haskel |
Affected:
*
|
|
| nodejs | nodejs |
Affected:
0 , ≤ 21.7.2
(custom)
cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:* |
|
| haskell | process_library |
Affected:
0 , < 1.6.19.0
(custom)
cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:* |
|
| rust-lang | rust |
Affected:
0 , < 1.77.2
(custom)
cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:* |
|
| thephpgroup | thephpgroup |
Affected:
0 , < *
(custom)
cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:* |
|
| yt-dlp_project | yt-dlp |
Affected:
0 , < *
(custom)
cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-18T17:35:41.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
},
{
"tags": [
"x_transferred"
],
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"tags": [
"x_transferred"
],
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nodejs",
"vendor": "nodejs",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "process_library",
"vendor": "haskell",
"versions": [
{
"lessThan": "1.6.19.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "rust",
"vendor": "rust-lang",
"versions": [
{
"lessThan": "1.77.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thephpgroup",
"vendor": "thephpgroup",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yt-dlp",
"vendor": "yt-dlp_project",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-15T16:13:02.290928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T18:25:43.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "Node.js",
"vendor": "Node.js",
"versions": [
{
"lessThanOrEqual": "21.7.2",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "GoLang",
"vendor": "Go Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"platforms": [
"Windows"
],
"product": "Haskel",
"vendor": "Haskell Programming Language",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T15:26:52.009Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
},
{
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
},
{
"url": "https://kb.cert.org/vuls/id/123335"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
"x_generator": {
"engine": "VINCE 2.1.12",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3566",
"datePublished": "2024-04-10T15:22:56.099Z",
"dateReserved": "2024-04-10T04:58:27.982Z",
"dateUpdated": "2025-11-18T17:35:41.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}