https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-04T05:29:32.748959+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/7b20b084-269f-4f60-86dd-591b7b067a1b/export7b20b084-269f-4f60-86dd-591b7b067a1b2026-06-04T05:29:33.105587+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "7b20b084-269f-4f60-86dd-591b7b067a1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T18:51:02.000000Z"}2026-06-03T18:51:02+00:00https://vulnerability.circl.lu/sighting/08000e06-87df-4fab-8dd7-ac4b4dc8b60d/export08000e06-87df-4fab-8dd7-ac4b4dc8b60d2026-06-04T05:29:33.102861+00:00Automation userhttps://cve.circl.lu/user/automation{"uuid": "08000e06-87df-4fab-8dd7-ac4b4dc8b60d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52011", "type": "seen", "source": "https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7", "content": "# CVE-2024-52011: CVE-2024-52011: Remote Command Injection in ViteJS launch-editor\n\n> **CVSS Score:** 7.5\n> **Published:** 2026-06-03\n> **Full Report:** https://cvereports.com/reports/CVE-2024-52011\n\n## Summary\nCVE-2024-52011 is a critical command injection vulnerability in the ViteJS launch-editor utility (versions prior to 2.9.0) affecting Windows environments. Unsanitized command-line arguments can lead to remote code execution on a developer workstation via cross-origin requests targeting the local development server.\n\n## TL;DR\nViteJS launch-editor before version 2.9.0 on Windows fails to validate line numbers parsed from filenames, allowing remote attackers to trigger arbitrary command execution on developer workstations via cross-origin HTTP requests targeting the local development server.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-77\n- **Attack Vector**: Network / Cross-Origin HTTP Request\n- **CVSS Score**: 7.5 (High)\n- **EPSS Score**: 0.0006\n- **Impact**: Remote Code Execution (RCE)\n- **Exploit Status**: Proof-of-Concept Available\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Vite Development Server\n- launch-editor (npm package)\n- Windows Operating System\n- **launch-editor**: < 2.9.0 (Fixed in: `2.9.0`)\n- **vite**: < 5.4.9 (Fixed in: `5.4.9`)\n\n## Mitigation\n\n- Upgrade launch-editor to version 2.9.0 or higher.\n- Upgrade vite to version 5.4.9 or higher.\n- Enforce strict host header validation and cross-origin controls on development servers.\n- Utilize browser plugins or local firewalls to block cross-origin requests targeting localhost.\n\n**Remediation Steps:**\n1. Verify the installed launch-editor and vite versions in package-lock.json or yarn.lock.\n2. Run 'npm install launch-editor@latest' or 'npm update vite' to apply security updates.\n3. Restart any running local development servers to apply the patched versions.\n\n## References\n\n- [GitHub Security Advisory GHSA-c27g-q93r-2cwf](https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf)\n- [NVD - CVE-2024-52011](https://nvd.nist.gov/vuln/detail/CVE-2024-52011)\n- [CVE Org Authority Record - CVE-2024-52011](https://www.cve.org/CVERecord?id=CVE-2024-52011)\n- [Official Fix Commit](https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2024-52011) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-03T19:00:57.000000Z"}2026-06-03T19:00:57+00:00