VYPR

Launch Editor

by Vitejs

Source repositories

CVEs (2)

  • CVE-2024-52011HigJun 1, 2026
    risk 0.42cvss epss 0.01

    launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that…

  • CVE-2026-53632Jun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary The `launch-editor` NPM package accesses arbitrary paths including Windows UNC paths. When a UNC path is opened, Windows automatically attempts NTLM authentication to the remote host, causing the user’s NTLMv2 password hash to be leaked to an attacker-controlled…