UNKNOWN
CVE-2024-21538
Regular Expression Denial of Service (ReDoS) in cross-spawn
Platform
nodejs
Component
cross-spawn
Fixed in
7.0.5
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.
How to fix
Upgrade the cross-spawn dependency to version 6.0.6 or later, or to version 7.0.5 or later. This resolves the ReDoS vulnerability. Run `npm install cross-spawn@latest` or `yarn upgrade cross-spawn` to update.
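To confirm that no nested copy of cross-spawn is still below the fixed versions after upgrading, the lockfile can be audited directly. The following is an added example, not part of the original advisory or the cross-spawn project. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3 (a `packages` map keyed by install path); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag cross-spawn entries in a parsed package-lock.json that
// fall outside the fixed versions named in this advisory (6.0.6+ on the 6.x
// line, otherwise 7.0.5+).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isFixed(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable version: report it for manual review
  if (v[0] === 6) return compare(v, [6, 0, 6]) >= 0;
  return compare(v, [7, 0, 5]) >= 0;
}

function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/cross-spawn"; nested copies
    // pinned by other packages are not changed by upgrading the top-level one.
    if (!path.endsWith("node_modules/cross-spawn")) continue;
    if (!isFixed(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (package names other than cross-spawn are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/cross-spawn": { version: "7.0.5" },
    "node_modules/some-cli/node_modules/cross-spawn": { version: "7.0.3" },
    "node_modules/old-tool/node_modules/cross-spawn": { version: "6.0.5" },
    "node_modules/legacy/node_modules/cross-spawn": { version: "6.0.6" },
    "node_modules/not-cross-spawn": { version: "1.0.0" },
  },
};

console.log(findVulnerable(sampleLock));
```

For a real project, pass the result of `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findVulnerable`.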