HIGH
vitejs
CVE published 2026-06-01
CVE-2024-52011
CVE-2024-52011 is a command injection vulnerability in the launch-editor npm package, affecting versions prior to 2.9.0. The flaw exists in the `launchEditor` function's insufficient sanitization of the `file` argument on Windows systems. An attacker can execute arbitrary commands by supplying a crafted filename containing special characters. This vulnerability is particularly relevant for development env [truncated]