ROOT-APP-NPM-CVE-2024-21538 CVE-2024-21538 in @rootio/cross-spawn - Patched by Root

Root has patched CVE-2024-21538 in the @rootio/cross-spawn package for Root:npm. Multiple fixed versions available...

Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.16 (JSDSERVER-16497)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16497 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to...

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn

Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...

DoS (Denial of Service) cross-spawn Dependency in Jira Software Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in versions 6.0.5 and 10.3.0 of Jira Software Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.7 and a CVSS Vector of code:java...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

NewStart CGSL MAIN 7.02 : nodejs Vulnerability (NS-SA-2025-0245)

The remote NewStart CGSL host, running version MAIN 7.02, has nodejs packages installed that are affected by a vulnerability: - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

EUVD-2024-3189

Malicious code in bioql PyPI...

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in cross-spawn-4.0.2.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of cross-spawn-4.0.2.tgz Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due t...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)

Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to cross-spawn ( CVE-2024-21538 )

Summary Potential vulnerabilities in cross-spawn module CVE-2024-21538 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular...

Security Bulletin: Vulnerability in cross-spawn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in cross-spawn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]

Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...

Security Bulletin: Vulnerability in Versions of the package cross-spawn before 7.0.5 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Versions of the package cross-spawn before 7.0.5 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to detail...

Linux Distros Unpatched Vulnerability : CVE-2024-21538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

Security Bulletin: Vulnerability in Cross-Spawn affects watsonx.data

Summary Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS . This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denia...

Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).

Summary Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service ReDoS due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION:...

Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn(CVE-2024-21538)

Summary IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service ReDoS due to cross-spawn. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper...

Medium: nodejs20

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...