snehaljha
commented
2 months ago It has been fixed with new feature
Closed nisiviglia closed 2 months ago
snehaljha
commented
2 months ago It has been fixed with new feature
It seems that this extension was caught up in the security patch CVE-2024-27980. You must pass shell: true in the option on Windows environment if you need to spawn program ended with .bat or .cmd extension. The patch is deployed in 18.20.2, 20.12.2, 21.17.3 and also 22.0.0.
Details can be found on https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
i.e.
extension-util.js line 85 cmd = (0, child_process_1.spawn)(path.resolve(tomcat.catalinaHome, 'bin', this.catalinaScript), ['jpda', 'run'], {shell: true});