CVE-2024-3566

Published Apr 10, 2024

Last updated a month ago

CVSS critical 9.8

Overview

Description: A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Source: cret@cert.org
NVD status: Analyzed
Products: process_library, node.js, php, rust, yt-dlp

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-77

Hype score: Not currently trending

🔵 Starlette, Denial of Service, #CVE-2024-3566 (Low) https://t.co/TEZtA2FCoA
@dailycve
21 Jul 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:haskell:process_library:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "838E7C22-2203-42B8-B8DE-52306C0053CD",
            "versionEndExcluding": "1.6.19.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "22F26905-4C5D-431E-955A-F2A35FA25401",
            "versionEndExcluding": "18.20.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F5CD069C-89BE-43CD-B741-0B976DCC5D2A",
            "versionEndExcluding": "20.12.2",
            "versionStartIncluding": "19.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "43547541-B480-439B-B18C-8FE493599E6F",
            "versionEndExcluding": "21.7.3",
            "versionStartIncluding": "21.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "FF638A38-6375-40D9-95A8-1013E3B630F9",
            "versionEndExcluding": "8.1.28",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6AC1B000-D5C4-49E9-8EFE-8C5C8FF50AF2",
            "versionEndExcluding": "8.2.18",
            "versionStartIncluding": "8.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E88C969D-88C3-46A2-96AB-A3F63E814F24",
            "versionEndExcluding": "8.3.6",
            "versionStartIncluding": "8.3.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C49FDBA9-6417-4761-9CF1-1EF8E70B782C",
            "versionEndExcluding": "1.77.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:yt-dlp_project:yt-dlp:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "2C6B8E2D-693F-494C-BE61-CF52780035AF",
            "versionEndExcluding": "2024.04.09",
            "versionStartIncluding": "2021.04.11",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References