High severityNVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026
CVE-2024-52011
CVE-2024-52011
Description
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the launch-editor version 2.9.0, corresponding to vite version 5.4.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
launch-editornpm | < 2.9.0 | 2.9.0 |
vitenpm | < 5.4.9 | 5.4.9 |
Affected products
3- Range: <2.9.0
- osv-coords2 versions
< 2.95.12-r26+ 1 more
- (no CPE)range: < 2.95.12-r26
- (no CPE)range: < 2.95.12-r28
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c27g-q93r-2cwfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-52011ghsaADVISORY
- github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5envdWEB
- github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwfnvdWEB
- github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwfghsaWEB
News mentions
0No linked articles in our index yet.