CVE-2024-3566

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-3566

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3566.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-3566

Aliases

Downstream

MINI-392m-8v5j-v4j8

MINI-hpmw-pxqr-xhgm

Published

2024-04-10T15:22:56.099Z

Modified

2026-05-30T07:41:25.964894221Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Command injection vulnerability in programing languages on Microsoft Windows operating system.

Details

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "*"
                },
                {
                    "last_affected": "21.7.2"
                },
                {
                    "last_affected": "*"
                },
                {
                    "last_affected": "*"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "certcc",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/3xxx/CVE-2024-3566.json"
}

References

Affected packages

Git

github.com/nodejs/node

Affected ranges

Type

GIT

Repo

https://github.com/nodejs/node

Events

Introduced

Fixed

9aedf16f8fb3b2e397a07e3844dd964ce435a8e3

Introduced

cc993fb2760d01457955f5b9ff787d559ed1c34e

Fixed

b3f0c612c8af7be46148f54604710bd5c6e2464f

Introduced

38d0e69347de4db532a3bb6bddf51ead9ff764f8

Fixed

97297e91febe3b49b50b22f0bea8ed21189a9e53

Database specific

{
    "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "18.20.2"
        },
        {
            "introduced": "19.0.0"
        },
        {
            "fixed": "20.12.2"
        },
        {
            "introduced": "21.0.0"
        },
        {
            "fixed": "21.7.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.1.0

v0.1.1

v0.1.10

v0.1.100

v0.1.101

v0.1.102

v0.1.103

v0.1.104

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.17

v0.1.18

v0.1.19

v0.1.2

v0.1.20

v0.1.21

v0.1.22

v0.1.23

v0.1.24

v0.1.25

v0.1.26

v0.1.27

v0.1.28

v0.1.29

v0.1.3

v0.1.30

v0.1.31

v0.1.32

v0.1.33

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.1.92

v0.1.93

v0.1.94

v0.1.95

v0.1.96

v0.1.97

v0.1.98

v0.1.99

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.4.0

v0.5.0

v0.5.1

v0.5.10

v0.5.2

v0.5.3

v0.5.4

v0.5.5

v0.5.5-rc1

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.7.0

v0.7.2

v0.7.3

v1.*

v1.0.1

v1.0.1-release

v1.0.2

v1.0.2-release

v1.0.3

v1.0.4

v1.1.0

v1.2.0

v1.3.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.7.0

v1.7.1

v18.*

v18.0.0

v18.1.0

v18.10.0

v18.11.0

v18.12.0

v18.12.1

v18.13.0

v18.14.0

v18.14.1

v18.14.2

v18.15.0

v18.16.0

v18.16.1

v18.17.0

v18.17.1

v18.18.0

v18.18.1

v18.18.2

v18.19.0

v18.19.1

v18.2.0

v18.20.0

v18.20.1

v18.3.0

v18.4.0

v18.5.0

v18.6.0

v18.7.0

v18.8.0

v18.9.0

v18.9.1

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.2.0

v2.2.1

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v2.5.0

v20.*

v20.0.0

v20.1.0

v20.10.0

v20.11.0

v20.11.1

v20.12.0

v20.12.1

v20.2.0

v20.3.0

v20.3.1

v20.4.0

v20.5.0

v20.5.1

v20.6.0

v20.6.1

v20.7.0

v20.8.0

v20.8.1

v20.9.0

v21.*

v21.0.0

v21.1.0

v21.2.0

v21.3.0

v21.4.0

v21.5.0

v21.6.0

v21.6.1

v21.6.2

v21.7.0

v21.7.1

v21.7.2

v3.*

v3.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3566.json"

github.com/php/php-src

Affected ranges

Type

GIT

Repo

https://github.com/php/php-src

Events

Introduced

Fixed

9119509142637005d079bcc2815ee43ec1c79524

Introduced

70ee6c20ad97e02c2b8098aeea96fefbbc3ac5c2

Fixed

d94fdf582e1fe4a1d85ded00a4c8b9935486c51d

Introduced

d26068059e83fe40de3430a512471d194119bee0

Fixed

6e8a26fba3020ad939a6cca2590c987176e00ded

Database specific

{
    "cpe": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.1.28"
        },
        {
            "introduced": "8.2.0"
        },
        {
            "fixed": "8.2.18"
        },
        {
            "introduced": "8.3.0"
        },
        {
            "fixed": "8.3.6"
        }
    ]
}

Affected versions

Other

POST_64BIT_BRANCH_MERGE

POST_AST_MERGE

POST_PHP7_NSAPI_REMOVAL

POST_PHP7_REMOVALS

POST_PHPNG_MERGE

PRE_64BIT_BRANCH_MERGE

PRE_AST_MERGE

PRE_PHP7_EREG_MYSQL_REMOVALS

PRE_PHP7_NSAPI_REMOVAL

PRE_PHP7_REMOVALS

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3566.json"

github.com/rust-lang/rust

Affected ranges

Type

GIT

Repo

https://github.com/rust-lang/rust

Events

Introduced

Fixed

25ef9e3d85d934b27d9dada2f9dd52b1dc63bb04

Database specific

{
    "cpe": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.77.2"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*

0.1

0.2

0.4

0.5

0.6

0.7

0.8

0.9

1.*

1.0.0-alpha

1.0.0-alpha.2

1.0.0-beta

1.77.0

1.77.1

release-0.*

release-0.1

release-0.2

release-0.4

release-0.5

release-0.6

release-0.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3566.json"

github.com/yt-dlp/yt-dlp

Affected ranges

Type

GIT

Repo

https://github.com/yt-dlp/yt-dlp

Events

Introduced

a0f30f194ad6b8e6c56a37df9469ca51f3812692

Fixed

168e72dcd3e04e0e19e92c012a04b8a1e4658f50

Database specific

{
    "cpe": "cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "2021.04.11"
        },
        {
            "fixed": "2024.04.09"
        }
    ]
}

Affected versions

2021.*

2021.04.11

2021.04.22

2021.05.11

2021.06.01

2021.06.08

2021.06.09

2021.06.23

2021.07.07

2021.07.21

2021.07.24

2021.08.02

2021.08.10

2021.09.02

2021.09.25

2021.10.09

2021.10.10

2021.10.22

2021.11.10

2021.11.10.1

2021.12.01

2021.12.25

2021.12.27

2022.*

2022.02.03

2022.02.04

2022.03.08.1

2022.04.08

2022.05.18

2022.06.22

2022.06.22.1

2022.06.29

2022.07.18

2022.08.08

2022.08.14

2022.08.19

2022.09.01

2022.10.04

2022.11.11

2023.*

2023.01.02

2023.01.06

2023.02.17

2023.03.03

2023.03.04

2023.06.21

2023.06.22

2023.07.06

2023.09.24

2023.10.07

2023.10.13

2023.11.14

2023.11.16

2023.12.30

2024.*

2024.03.10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3566.json"