VYPR
High severityNVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026

CVE-2024-52011

CVE-2024-52011

Description

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the launch-editor version 2.9.0, corresponding to vite version 5.4.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
launch-editornpm
< 2.9.02.9.0
vitenpm
< 5.4.95.4.9

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.

CVE-2024-52011 · High · VYPR