PT-2024-19826 · Meta · Meta Spark Studio

Published: 2024-01-16 · Updated: 2024-01-30 · CVE-2024-23347

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Meta Spark Studio versions prior to v176

Description

When opening a new project, Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.

Recommendations

For versions prior to v176, consider disabling the execution of scripts defined in the package.json file until a patch is available. Restrict access to the package.json file to minimize the risk of exploitation. Update to version v176 or later to resolve the issue.
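
As an added example (not code from Meta or from this advisory), the Python script below lists every entry under "scripts" in each package.json found in a project directory, so the entries can be reviewed before the project is opened in a version prior to v176. It assumes the project is available as an unpacked directory; the function names and the sample files are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path


def audit_project(root):
    """Return (manifest, script, command) for every package.json under root.
    All script names are reported, since the advisory names none specifically;
    unparseable manifests are reported for manual review."""
    root = Path(root)
    findings = []
    for manifest in root.rglob("package.json"):
        rel = manifest.relative_to(root).as_posix()
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # bad encoding or invalid JSON
            findings.append((rel, "<unparseable>", type(exc).__name__))
            continue
        scripts = data.get("scripts") if isinstance(data, dict) else None
        if scripts is None:
            continue
        if not isinstance(scripts, dict):
            findings.append((rel, "<malformed scripts>", type(scripts).__name__))
            continue
        for name, command in scripts.items():
            findings.append((rel, name, str(command)))
    return sorted(findings)


def demo():
    """Run the audit over a small constructed project tree."""
    samples = {  # constructed sample files, not taken from a real project
        "package.json": '{"name": "constructed-effect", "version": "1.0.0"}',
        "lib/package.json": json.dumps(
            {"name": "helper", "scripts": {"postinstall": "echo constructed-sample",
                                           "build": "echo build"}}),
        "broken/package.json": "{ not json",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text, encoding="utf-8")
        return audit_project(tmp)


if __name__ == "__main__":
    for rel, name, command in demo():
        print(f"{rel}: {name} -> {command}")
```

An empty result means no package.json under the directory declares scripts; any finding should be read by a person before the project is opened.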

Related Identifiers

CVE-2024-23347

Affected Products

Meta Spark Studio