Arbitrary Code Execution Vulnerability in Meta Spark Studio v176 and Earlier

Arbitrary Code Execution Vulnerability in Meta Spark Studio v176 and Earlier

CVE-2024-23347 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.

Learn more about our Web Application Penetration Testing UK.