CVE-2024-36138 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-36138 Interim 1 22 2026-03-05T02:30:12Z current 2024-07-09T23:11:56Z 2026-03-05T02:30:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-36138 Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2024-July/018981.html E-Mail link for SUSE-SU-2024:2496-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/018991.html E-Mail link for SUSE-SU-2024:2542-1 https://lists.suse.com/pipermail/sle-security-updates/2024-July/018990.html E-Mail link for SUSE-SU-2024:2543-1 https://lists.suse.com/pipermail/sle-updates/2024-July/036101.html E-Mail link for SUSE-SU-2024:2574-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OWCPL7VTEVIGUDVKLEV2D2ITNTWKC4AZ/ E-Mail link for openSUSE-SU-2024:14435-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container bci/nodejs:18-26.9 Container containers/open-webui:0.6.9-10.1 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Server 15 SP4-TERADATA SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SP5 SUSE Linux Enterprise Module for Web and Scripting 15 SP6 openSUSE Leap 15.5 openSUSE Leap 15.6 openSUSE Tumbleweed corepack18-18.20.4-150400.9.24.2 corepack20-20.15.1-150500.11.12.2 corepack20-20.15.1-150600.3.3.2 corepack22-22.10.0-1.1 corepack22-22.15.1-160000.2.2 corepack24-24.11.1-2.1 nodejs18-18.20.4-150400.9.24.2 nodejs18-18.20.4-8.24.1 nodejs18-devel-18.20.4-150400.9.24.2 nodejs18-devel-18.20.4-8.24.1 nodejs18-docs-18.20.4-150400.9.24.2 nodejs18-docs-18.20.4-8.24.1 nodejs20-20.15.1-150500.11.12.2 nodejs20-20.15.1-150600.3.3.2 nodejs20-devel-20.15.1-150500.11.12.2 nodejs20-devel-20.15.1-150600.3.3.2 nodejs20-docs-20.15.1-150500.11.12.2 nodejs20-docs-20.15.1-150600.3.3.2 nodejs22-22.10.0-1.1 nodejs22-22.15.1-160000.2.2 nodejs22-devel-22.10.0-1.1 nodejs22-devel-22.15.1-160000.2.2 nodejs22-docs-22.10.0-1.1 nodejs22-docs-22.15.1-160000.2.2 nodejs24-24.11.1-2.1 nodejs24-devel-24.11.1-2.1 nodejs24-docs-24.11.1-2.1 npm18-18.20.4-150400.9.24.2 npm18-18.20.4-8.24.1 npm20-20.15.1-150500.11.12.2 npm20-20.15.1-150600.3.3.2 npm22-22.10.0-1.1 npm22-22.15.1-160000.2.2 npm24-24.11.1-2.1 nodejs18-18.20.4-150400.9.24.2 as a component of Container bci/nodejs:18-26.9 npm18-18.20.4-150400.9.24.2 as a component of Container bci/nodejs:18-26.9 nodejs20-20.15.1-150600.3.3.2 as a component of Container containers/open-webui:0.6.9-10.1 nodejs18-18.20.4-8.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs18-devel-18.20.4-8.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs18-docs-18.20.4-8.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm18-18.20.4-8.24.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs18-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs18-devel-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs18-docs-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-devel-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-docs-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 npm18-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 npm20-20.15.1-150500.11.12.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5 nodejs20-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 nodejs20-devel-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 nodejs20-docs-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 npm20-20.15.1-150600.3.3.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6 nodejs18-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA nodejs18-devel-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA nodejs18-docs-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA npm18-18.20.4-150400.9.24.2 as a component of SUSE Linux Enterprise Server 15 SP4-TERADATA corepack22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-devel-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 nodejs22-docs-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 npm22-22.15.1-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 corepack18-18.20.4-150400.9.24.2 as a component of openSUSE Leap 15.5 corepack20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs18-18.20.4-150400.9.24.2 as a component of openSUSE Leap 15.5 nodejs18-devel-18.20.4-150400.9.24.2 as a component of openSUSE Leap 15.5 nodejs18-docs-18.20.4-150400.9.24.2 as a component of openSUSE Leap 15.5 nodejs20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs20-devel-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 nodejs20-docs-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 npm18-18.20.4-150400.9.24.2 as a component of openSUSE Leap 15.5 npm20-20.15.1-150500.11.12.2 as a component of openSUSE Leap 15.5 corepack20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-devel-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 nodejs20-docs-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 npm20-20.15.1-150600.3.3.2 as a component of openSUSE Leap 15.6 corepack22-22.10.0-1.1 as a component of openSUSE Tumbleweed corepack24-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs22-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs22-devel-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs22-docs-22.10.0-1.1 as a component of openSUSE Tumbleweed nodejs24-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs24-devel-24.11.1-2.1 as a component of openSUSE Tumbleweed nodejs24-docs-24.11.1-2.1 as a component of openSUSE Tumbleweed npm22-22.10.0-1.1 as a component of openSUSE Tumbleweed npm24-24.11.1-2.1 as a component of openSUSE Tumbleweed Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. CVE-2024-36138 Container bci/nodejs:18-26.9:nodejs18-18.20.4-150400.9.24.2 Container bci/nodejs:18-26.9:npm18-18.20.4-150400.9.24.2 Container containers/open-webui:0.6.9-10.1:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:corepack18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:corepack20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs18-devel-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs18-docs-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-devel-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:nodejs20-docs-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:npm18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP7:npm20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.4-8.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.4-8.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.4-8.24.1 SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.4-8.24.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.15.1-150500.11.12.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.15.1-150600.3.3.2 SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.15.1-150600.3.3.2 SUSE Linux Enterprise Server 15 SP4-TERADATA:nodejs18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Server 15 SP4-TERADATA:nodejs18-devel-18.20.4-150400.9.24.2 SUSE Linux Enterprise Server 15 SP4-TERADATA:nodejs18-docs-18.20.4-150400.9.24.2 SUSE Linux Enterprise Server 15 SP4-TERADATA:npm18-18.20.4-150400.9.24.2 SUSE Linux Enterprise Server 16.0:corepack22-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-devel-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:nodejs22-docs-22.15.1-160000.2.2 SUSE Linux Enterprise Server 16.0:npm22-22.15.1-160000.2.2 openSUSE Leap 15.5:corepack18-18.20.4-150400.9.24.2 openSUSE Leap 15.5:corepack20-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs18-18.20.4-150400.9.24.2 openSUSE Leap 15.5:nodejs18-devel-18.20.4-150400.9.24.2 openSUSE Leap 15.5:nodejs18-docs-18.20.4-150400.9.24.2 openSUSE Leap 15.5:nodejs20-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs20-devel-20.15.1-150500.11.12.2 openSUSE Leap 15.5:nodejs20-docs-20.15.1-150500.11.12.2 openSUSE Leap 15.5:npm18-18.20.4-150400.9.24.2 openSUSE Leap 15.5:npm20-20.15.1-150500.11.12.2 openSUSE Leap 15.6:corepack20-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-devel-20.15.1-150600.3.3.2 openSUSE Leap 15.6:nodejs20-docs-20.15.1-150600.3.3.2 openSUSE Leap 15.6:npm20-20.15.1-150600.3.3.2 openSUSE Tumbleweed:corepack22-22.10.0-1.1 openSUSE Tumbleweed:corepack24-24.11.1-2.1 openSUSE Tumbleweed:nodejs22-22.10.0-1.1 openSUSE Tumbleweed:nodejs22-devel-22.10.0-1.1 openSUSE Tumbleweed:nodejs22-docs-22.10.0-1.1 openSUSE Tumbleweed:nodejs24-24.11.1-2.1 openSUSE Tumbleweed:nodejs24-devel-24.11.1-2.1 openSUSE Tumbleweed:nodejs24-docs-24.11.1-2.1 openSUSE Tumbleweed:npm22-22.10.0-1.1 openSUSE Tumbleweed:npm24-24.11.1-2.1 moderate