Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j5rk-591y-qfgs
Vulnerability ID VCID-j5rk-591y-qfgs
Aliases CVE-2024-52011
GHSA-c27g-q93r-2cwf
Summary launch-editor: vite: launch-editor: Arbitrary command execution via insufficient file argument sanitization
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
System Score Found at
cvssv3 8.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2024-52011
epss 0.00079 https://api.first.org/data/v1/epss?cve=CVE-2024-52011
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c27g-q93r-2cwf
cvssv4 7.5 https://github.com/vitejs/launch-editor
generic_textual HIGH https://github.com/vitejs/launch-editor
cvssv4 7.5 https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
generic_textual HIGH https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
ssvc Track https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
cvssv3.1_qr HIGH https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
cvssv4 7.5 https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
generic_textual HIGH https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
ssvc Track https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
cvssv3.1_qr HIGH https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
cvssv4 7.5 https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
generic_textual HIGH https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
cvssv4 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-52011
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-52011
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json
https://api.first.org/data/v1/epss?cve=CVE-2024-52011
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/vitejs/launch-editor
https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
https://nvd.nist.gov/vuln/detail/CVE-2024-52011
2483853 https://bugzilla.redhat.com/show_bug.cgi?id=2483853
GHSA-c27g-q93r-2cwf https://github.com/advisories/GHSA-c27g-q93r-2cwf
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/vitejs/launch-editor
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-06-02T15:24:21Z/ Found at https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-06-02T15:24:21Z/ Found at https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-52011
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18977
EPSS Score 0.0006
Published At June 6, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:28:09.381189+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json 38.6.0