vuln: update core index.json (#1523)

github-actions[bot] · create-or-update-pull-request · web-flow · commit cf985e3cba98 · 2025-09-15T14:24:46.000-03:00
Co-authored-by: Create or Update Pull Request Action &lt;create-or-update-pull-request@users.noreply.github.com&gt;
diff --git a/vuln/core/index.json b/vuln/core/index.json
@@ -1887,12 +1887,13 @@
     ],
     "vulnerable": "18.x || 20.x || 21.x",
     "patched": "^18.20.2 || ^20.12.2 || ^21.7.3",
-    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2/",
+    "ref": "https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2",
+    "description": "Command injection via args parameter of child_process.spawn without shell option enabled on Windows",
     "overview": "Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.",
     "affectedEnvironments": [
       "win32"
     ],
-    "severity": "medium"
+    "severity": "high"
   },
   "142": {
     "cve": [
