CVE-2024-52011

HIGH

launch-editor < 2.9.0 - OS Command Injection via File Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-52011. PoCs published by HORKimhab.

AI-analyzed exploit summary The repository contains only a template structure with no actual exploit code or technical details for CVE-2024-52011. It includes placeholder files like a README with generic setup instructions and a license, but no functional PoC or analysis.

Description

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.

Exploits (1)

github STUB
by HORKimhab · poc
https://github.com/HORKimhab/CVE-2024-52011

The repository contains only a template structure with no actual exploit code or technical details for CVE-2024-52011. It includes placeholder files like a README with generic setup instructions and a license, but no functional PoC or analysis.

Classification
Stub 95%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed Jun 09, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v4 7.5
EPSS 0.0008
EPSS Percentile 23.6%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-77
Status published
Products (4)
npm/launch-editor 0 - 2.9.0npm
npm/vite 0 - 5.4.9npm
vitejs/launch-editor < 2.9.0
vitejs/vite < 5.4.9
Published Jun 01, 2026
Tracked Since Jun 02, 2026