51 matches found
AZL-52551 CVE-2024-21538 affecting package nodejs18 for versions less than 18.20.3-2
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
AZL-52604 CVE-2024-21538 affecting package nodejs for versions less than 20.14.0-3
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2024-21538
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2024-21538
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
CVE-2024-21538
CVE-2024-21538 affects the cross-spawn package. The NVD description notes a ReDoS vulnerability caused by improper input sanitization, enabling an attacker to drive high CPU usage and crash the process with crafted input. Affected versions are cross-spawn before 6.0.6, and between 7.0.0 and befor...
cross-spawn security vulnerability
cross-spawn is an open source library from MOXY. A security vulnerability exists in cross-spawn versions prior to 7.0.5, which stems from improper input cleanup and is vulnerable to a regular expression denial of service attack...
1uphealth-provider-search (>=0.1.0 <=0.3.0), 20190403-utils (=1.0.0) +6914 more potentially affected by CVE-2024-21538 via cross-spawn (>=6.0.0 <=6.0.5)
cross-spawn NPM version =6.0.0, =0.1.0, =0.1.0, =0.1.4, =0.1.0, =1.0.0-beta.1, =0.1.1, =0.1.72, =9.0.0, =3.0.0, =1.0.0, =1.0.3 - @352inc/react-scripts =2.0.5-custom-6 and more Source cves: CVE-2024-21538 Source advisory: SNYK:JS-CROSSSPAWN-8303230...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0x0.icu.anima (=0.1.0) +14304 more potentially affected by CVE-2024-21538 via cross-spawn (>=7.0.0 <=7.0.3)
cross-spawn NPM version =7.0.0, =1.0.1, =1.1.0 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 - 0xgank-tea-child-eveni...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. PoC (javascript): const argument =...
PT-2023-9813
Name of the Vulnerable Software and Affected Versions: cross-spawn versions prior to 7.0.5. Description: The issue is related to a Regular Expression Denial of Service (ReDoS) in the cross-spawn package. This occurs due to improper input sanitization, allowing an attacker to craft a large and...