CVE-2024-23347 Information

Description

Prior to v176 when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.

Reference

https://www.facebook.com/security/advisories/cve-2024-23347