Cyber Resilience

CVE-2024-23347

High

Published: 16 January 2024

Published
16 January 2024
Modified
20 June 2025
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0023 46.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23347 is a high-severity an unspecified weakness vulnerability in Facebook Meta Spark Studio. Its CVSS base score is 7.8 (High).

Operationally, ranked at the 46.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as…

more

the application.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

facebook
meta spark studio
≤ 176

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References