IBM has published a new vulnerability concerning the Node.js development environment, and more precisely IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition [CVE-2024-36138].
As a reminder, Node.js is used as the runtime/SDK for Apache Cordova applications in IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition.
In detail, the platform could allow a remote attacker to execute arbitrary commands on the system, due to an incomplete fix for the batch file mishandling in child_process.spawn / child_process.spawnSync (alert CVE-2024-27980).
By sending a specially crafted command line argument, an attacker can exploit this vulnerability to inject and execute arbitrary commands on the system.
As usual, you can find the recommended patch to resolve this flaw in the Remedies/Fixes section. The CVSS score has risen to 7.3, so this vulnerability should be taken into account and corrected as soon as possible.
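A defensive pre-flight check for the spawn calls described above, as an added example (not code from IBM or the Node.js project): it allow-lists the target's extension and the characters in each argument, so batch files and unvetted arguments never reach child_process.spawnSync. The names checkSpawnRequest and guardedSpawnSync and the allow-list policy are assumptions of this example, and it complements the vendor fix rather than replacing it.

```javascript
'use strict';
const path = require('node:path');
const { spawnSync } = require('node:child_process');

// Assumed policy for this example: only native executables may be launched,
// and every argument must consist of characters from a conservative allow-list.
const ALLOWED_EXTENSIONS = new Set(['.exe']);
const SAFE_ARGUMENT = /^[A-Za-z0-9_.:=@\/\\-]+$/;

// Returns a list of policy violations; an empty list means the request is acceptable.
function checkSpawnRequest(command, args = [], options = {}) {
  if (typeof command !== 'string' || command.length === 0) {
    return ['command must be a non-empty string'];
  }
  const problems = [];
  // Windows path rules are applied on every platform so the check behaves the same everywhere.
  const ext = path.win32.extname(command).toLowerCase();
  if (!ALLOWED_EXTENSIONS.has(ext)) {
    problems.push(`extension "${ext}" is not on the allow-list`);
  }
  if (options.shell) {
    problems.push('shell option must not be enabled');
  }
  if (!Array.isArray(args)) {
    problems.push('args must be an array');
    return problems;
  }
  args.forEach((arg, i) => {
    if (typeof arg !== 'string' || !SAFE_ARGUMENT.test(arg)) {
      problems.push(`argument ${i} contains characters outside the allow-list`);
    }
  });
  return problems;
}

// Hypothetical wrapper: refuses the request instead of passing it to spawnSync.
function guardedSpawnSync(command, args = [], options = {}) {
  const problems = checkSpawnRequest(command, args, options);
  if (problems.length > 0) {
    throw new Error(`spawn refused: ${problems.join('; ')}`);
  }
  return spawnSync(command, args, { ...options, shell: false });
}
```

Because the check is an allow-list, anything that is not positively recognised (an unexpected extension, an argument with unlisted characters) is refused by default.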
For more details on the Security alert, please visit the official IBM support site:
https://lnkd.in/eUVx6KXc