Search

Find a vulnerability

Search criteria

    4 vulnerabilities by Haskell Programming Language

    CVE-2026-9648 (GCVE-0-2026-9648)

    Vulnerability from nvd – Published: 2026-06-11 14:30 – Updated: 2026-06-11 15:39
    VLAI
    Title
    CVE-2026-9648
    Summary
    The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:10:30.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/862559"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T15:39:09.493112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:39:31.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "crypton-certificate",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA\u2019s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:30:30.800Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30"
            },
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30/changes/f4b77edf6ead77f4a886da40e41eab20f0180e39"
            },
            {
              "url": "https://hackage.haskell.org/package/crypton-x509-validation-1.9.1/revisions/"
            },
            {
              "url": "https://github.com/haskell/security-advisories/pull/332"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-9648",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-9648"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-9648",
        "datePublished": "2026-06-11T14:30:30.800Z",
        "dateReserved": "2026-05-26T19:26:04.460Z",
        "dateUpdated": "2026-06-11T15:39:31.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3566 (GCVE-0-2024-3566)

    Vulnerability from nvd – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
    VLAI
    Title
    Command injection vulnerability in programing languages on Microsoft Windows operating system.
    Summary
    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Node.js Node.js Affected: * , ≤ 21.7.2 (custom)
    Create a notification for this product.
    Go Programming Language GoLang Affected: *
    Create a notification for this product.
    Haskell Programming Language Haskel Affected: *
    Create a notification for this product.
    nodejs nodejs Affected: 0 , ≤ 21.7.2 (custom)
        cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*
    Create a notification for this product.
    haskell process_library Affected: 0 , < 1.6.19.0 (custom)
        cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rust-lang rust Affected: 0 , < 1.77.2 (custom)
        cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
    Create a notification for this product.
    thephpgroup thephpgroup Affected: 0 , < * (custom)
        cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    yt-dlp_project yt-dlp Affected: 0 , < * (custom)
        cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-18T17:35:41.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/123335"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/123335"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nodejs",
                "vendor": "nodejs",
                "versions": [
                  {
                    "lessThanOrEqual": "21.7.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "process_library",
                "vendor": "haskell",
                "versions": [
                  {
                    "lessThan": "1.6.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rust",
                "vendor": "rust-lang",
                "versions": [
                  {
                    "lessThan": "1.77.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thephpgroup",
                "vendor": "thephpgroup",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "yt-dlp",
                "vendor": "yt-dlp_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-15T16:13:02.290928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T18:25:43.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Node.js",
              "vendor": "Node.js",
              "versions": [
                {
                  "lessThanOrEqual": "21.7.2",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "GoLang",
              "vendor": "Go Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "Haskel",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T15:26:52.009Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
            },
            {
              "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
            },
            {
              "url": "https://kb.cert.org/vuls/id/123335"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
            },
            {
              "url": "https://www.kb.cert.org/vuls/id/123335"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
          "x_generator": {
            "engine": "VINCE 2.1.12",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2024-3566",
        "datePublished": "2024-04-10T15:22:56.099Z",
        "dateReserved": "2024-04-10T04:58:27.982Z",
        "dateUpdated": "2025-11-18T17:35:41.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9648 (GCVE-0-2026-9648)

    Vulnerability from cvelistv5 – Published: 2026-06-11 14:30 – Updated: 2026-06-11 15:39
    VLAI
    Title
    CVE-2026-9648
    Summary
    The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:10:30.272Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/862559"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9648",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-11T15:39:09.493112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-11T15:39:31.210Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "crypton-certificate",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "lessThan": "1.9.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA\u2019s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T14:30:30.800Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30"
            },
            {
              "url": "https://github.com/kazu-yamamoto/crypton-certificate/pull/30/changes/f4b77edf6ead77f4a886da40e41eab20f0180e39"
            },
            {
              "url": "https://hackage.haskell.org/package/crypton-x509-validation-1.9.1/revisions/"
            },
            {
              "url": "https://github.com/haskell/security-advisories/pull/332"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "CVE-2026-9648",
          "x_generator": {
            "engine": "VINCE 3.0.42",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-9648"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-9648",
        "datePublished": "2026-06-11T14:30:30.800Z",
        "dateReserved": "2026-05-26T19:26:04.460Z",
        "dateUpdated": "2026-06-11T15:39:31.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3566 (GCVE-0-2024-3566)

    Vulnerability from cvelistv5 – Published: 2024-04-10 15:22 – Updated: 2025-11-18 17:35
    VLAI
    Title
    Command injection vulnerability in programing languages on Microsoft Windows operating system.
    Summary
    A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Node.js Node.js Affected: * , ≤ 21.7.2 (custom)
    Create a notification for this product.
    Go Programming Language GoLang Affected: *
    Create a notification for this product.
    Haskell Programming Language Haskel Affected: *
    Create a notification for this product.
    nodejs nodejs Affected: 0 , ≤ 21.7.2 (custom)
        cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*
    Create a notification for this product.
    haskell process_library Affected: 0 , < 1.6.19.0 (custom)
        cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*
    Create a notification for this product.
    rust-lang rust Affected: 0 , < 1.77.2 (custom)
        cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*
    Create a notification for this product.
    thephpgroup thephpgroup Affected: 0 , < * (custom)
        cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    yt-dlp_project yt-dlp Affected: 0 , < * (custom)
        cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-18T17:35:41.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/123335"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/123335"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "nodejs",
                "vendor": "nodejs",
                "versions": [
                  {
                    "lessThanOrEqual": "21.7.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "process_library",
                "vendor": "haskell",
                "versions": [
                  {
                    "lessThan": "1.6.19.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "rust",
                "vendor": "rust-lang",
                "versions": [
                  {
                    "lessThan": "1.77.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:thephpgroup:thephpgroup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "thephpgroup",
                "vendor": "thephpgroup",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:yt-dlp_project:yt-dlp:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "yt-dlp",
                "vendor": "yt-dlp_project",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3566",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-15T16:13:02.290928Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T18:25:43.487Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "Node.js",
              "vendor": "Node.js",
              "versions": [
                {
                  "lessThanOrEqual": "21.7.2",
                  "status": "affected",
                  "version": "*",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "GoLang",
              "vendor": "Go Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            },
            {
              "platforms": [
                "Windows"
              ],
              "product": "Haskel",
              "vendor": "Haskell Programming Language",
              "versions": [
                {
                  "status": "affected",
                  "version": "*"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-10T15:26:52.009Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/"
            },
            {
              "url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way"
            },
            {
              "url": "https://kb.cert.org/vuls/id/123335"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-24576"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-1874"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-22423"
            },
            {
              "url": "https://www.kb.cert.org/vuls/id/123335"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection vulnerability in programing languages on Microsoft Windows operating system.",
          "x_generator": {
            "engine": "VINCE 2.1.12",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3566"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2024-3566",
        "datePublished": "2024-04-10T15:22:56.099Z",
        "dateReserved": "2024-04-10T04:58:27.982Z",
        "dateUpdated": "2025-11-18T17:35:41.547Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }