CVE-2024-52011
Title: Arbitrary Command Execution in launch-editor via file argument
Arbitrary Command Execution
Proof Of Concept
PoC Available for CVE-2024-52011
CWE Category
CWE-77
Published Date
Jun 01, 2026
Modified Date
Jun 02, 2026
Exploit Status
Available
Score
7.5
CVSS v4.0
Exploit Probability (EPSS)
0.42%
Vulnerability Summary
CVE-2024-52011: launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.
Impacted Vendors
Analysis in Progress...
Reference Links
CVSS v4.0
Source Entity
[email protected]
Severity
HIGH
7.5
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
ACTIVE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
N/A
RAW VECTOR
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2024-52011 Exploits & PoCs (Proof Of Concept)
GitHub
https://github.com/HORKimhab/CVE-2024-52011
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
MODIFIED
Vulnerability data updated via NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
ACTIVE
CVSS Vector String
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Stack
No specific products linked.