Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-06-01T17:17:43 launch-editor: vite: launch-editor: Arbitrary command execution via insufficient file argument sanitization 8.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L CWE-88

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. This issue has been fixed in the `launch-editor` version 2.9.0, corresponding to vite version 5.4.9.

A flaw was found in launch-editor, a tool that allows users to open files with line numbers in an editor from Node.js. Due to insufficient sanitization of the `file` argument in the `launchEditor` function, an attacker can execute arbitrary commands on Windows systems by supplying a filename that contains special characters. This can lead to a complete compromise of the affected system.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Cryostat 4 Not affected cryostat-openshift-console-plugin-npm Cryostat 4 Not affected launch-editor Migration Toolkit for Containers Not affected rhmtc/openshift-migration-ui-rhel8 Node HealthCheck Operator Not affected workload-availability/node-healthcheck-must-gather-rhel9 Node HealthCheck Operator Not affected workload-availability/node-healthcheck-operator-bundle Node HealthCheck Operator Not affected workload-availability/node-healthcheck-rhel9-operator OpenShift Lightspeed Not affected openshift-lightspeed/lightspeed-console-plugin-419-rhel9 OpenShift Lightspeed Not affected openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9 OpenShift Lightspeed Not affected openshift-lightspeed/lightspeed-console-plugin-rhel9 OpenShift Pipelines Not affected openshift-pipelines/pipelines-console-plugin-pf5-rhel9 OpenShift Pipelines Not affected openshift-pipelines/pipelines-console-plugin-rhel8 OpenShift Pipelines Not affected openshift-pipelines/pipelines-console-plugin-rhel9 OpenShift Pipelines Not affected openshift-pipelines/pipelines-hub-ui-rhel8 OpenShift Pipelines Not affected openshift-pipelines/pipelines-hub-ui-rhel9 OpenShift Service Mesh 2 Not affected openshift-service-mesh/kiali-ossmc-rhel8 OpenShift Service Mesh 2 Not affected openshift-service-mesh/kiali-rhel8 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-operator-bundle OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-ossmc-rhel9 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-rhel9 OpenShift Service Mesh 3 Not affected openshift-service-mesh/kiali-rhel9-operator Red Hat AMQ Broker 7 Not affected launch-editor Red Hat AMQ Broker 7 Not affected vite Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-24/lightspeed-rhel8 Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-25/lightspeed-rhel8 Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-26/gateway-rhel9 Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-26/lightspeed-rhel9 Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-27/gateway-rhel9 Red Hat Ansible Automation Platform 2 Not affected ansible-automation-platform-27/lightspeed-rhel9 Red Hat Ansible Automation Platform 2 Not affected automation-controller Red Hat Ansible Automation Platform 2 Not affected automation-eda-controller Red Hat Ansible Automation Platform 2 Not affected automation-gateway Red Hat Ansible Automation Platform 2 Not affected automation-platform-ui Red Hat build of Apache Camel - HawtIO 4 Not affected launch-editor Red Hat Build of Keycloak Not affected vite Red Hat Build of Podman Desktop Not affected rh-podman-desktop.git Red Hat Build of Podman Desktop - Tech Preview Not affected rhdesktop/rh-podman-desktop-ext-bootc-rhel10 Red Hat Build of Podman Desktop - Tech Preview Not affected rhdesktop/rh-podman-desktop-ext-openshift-local-rhel10 Red Hat Build of Podman Desktop - Tech Preview Not affected rhdesktop/rh-podman-desktop-ext-redhat-account-rhel10 Red Hat Build of Podman Desktop - Tech Preview Not affected rhdesktop/rh-podman-desktop-ext-rhel-rhel10 Red Hat Build of Podman Desktop - Tech Preview Not affected rhdesktop/rh-podman-desktop-ext-sandbox-rhel10 Red Hat Data Grid 8 Not affected launch-editor Red Hat Developer Hub Not affected rhdh/rhdh-hub-rhel9 Red Hat Discovery 2 Not affected discovery/discovery-ui-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Not affected rhelai3/bootc-cuda-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Not affected rhelai3/bootc-gaudi-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Not affected rhelai3/bootc-rocm-rhel9 Red Hat Enterprise Linux AI (RHEL AI) 3 Not affected rhelai3/disk-image-cuda-rhel9 Red Hat JBoss Enterprise Application Platform 8 Not affected vite Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected vite Red Hat OpenShift AI (RHOAI) Not affected rhoai/odh-mlflow-rhel9 Red Hat OpenShift Container Platform 4 Not affected openshift4/ose-agent-installer-ui-rhel9 Red Hat OpenShift Container Platform 4 Not affected openshift4/ose-console-rhel9 Red Hat OpenShift Dev Spaces Not affected devspaces/openvsx-rhel9 Red Hat OpenShift Virtualization 4 Not affected container-native-virtualization/kubevirt-console-plugin-rhel9 Red Hat Quay 3 Not affected quay/quay-rhel8 Self-service automation portal 2 Not affected ansible-automation-platform/automation-portal https://www.cve.org/CVERecord?id=CVE-2024-52011 https://nvd.nist.gov/vuln/detail/CVE-2024-52011 https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf