
11 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3189

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 9

IBM Security Bulletins
added 2025/07/08 6:59 a.m., 4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cross-spawn-4.0.2.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of cross-spawn-4.0.2.tgz. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due t...

CVSS 8.7 | AI score 6.8 | EPSS 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/17 8:19 a.m., 8 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to cross-spawn (CVE-2024-21538)

Summary: Potential vulnerabilities in cross-spawn module CVE-2024-21538 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular...

CVSS 8.7 | AI score 8.6 | EPSS 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 35 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn (CVE-2024-21538)

Summary: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper...

CVSS 8.7 | AI score 6.3 | EPSS 0.00067
Exploits: 0 | Affected Software: 1

SUSE Linux
added 2024/12/12 8:10 a.m., 0 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Updated to 20.18.1: Experimental Network Inspection Support in Node.js Exposes X509VFLAGPARTIALCHAIN to tls.createSecureContext New...

CVSS 5.6 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 4

SUSE Linux
added 2024/12/10 9:12 a.m., 1 views

Security update for nodejs18

This update for nodejs18 fixes the following issues: CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Update to 18.20.5 esm: mark import attributes and JSON module as stable deps: upgrade npm to 10.8.2 update simdutf to 5.6.0 update brotli to 1.1.0...

CVSS 5.6 | AI score 7.4 | EPSS 0.00067
Exploits: 0 | References: 4

RedHat Linux
added 2024/12/02 11:23 a.m., 27 views

Low: Red Hat Security Advisory: ACS 4.4 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. The updated image includes a security fix. This release of ACS 4.4.7 provides the following security fix: cross-spawn: Regular expression denial of service CVE-2024-21538...

CVSS 8.7 | AI score 6.6 | EPSS 0.00067
Exploits: 0 | References: 2

OSV
added 2024/11/08 5:15 a.m., 2 views

AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

CVSS 8.7 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 1

OSV
added 2024/11/08 5:15 a.m., 0 views

AZL-52551 CVE-2024-21538 affecting package nodejs18 for versions less than 18.20.3-2

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

CVSS 8.7 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 1

vulnersOsv
added 2024/10/24 6:4 a.m., 3 views

1uphealth-provider-search (>=0.1.0 <=0.3.0), 20190403-utils (=1.0.0) +6912 more potentially affected by CVE-2024-21538 via cross-spawn (>=6.0.0 <=6.0.5)

cross-spawn NPM version =6.0.0, =0.1.0, =0.1.0, =0.1.4, =0.1.0, =1.0.0-beta.1, =0.1.1, =0.1.72, =9.0.0, =3.0.0, =1.0.0, =1.0.3 - @352inc/react-scripts =2.0.5-custom-6 and more Source cves: CVE-2024-21538 Source advisory: SNYK:JS-CROSSSPAWN-8303230...

CVSS 8.7 | AI score 6.7 | EPSS 0.00067
Exploits: 0

Snyk
added 2024/10/24 6:4 a.m., 2 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. PoC javascript const argument =...

CVSS 8.7 | AI score 6.8 | EPSS 0.00067
Exploits: 0 | References: 2