NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-21538

Summary	Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Publication Date	Nov. 8, 2024, 2:15 p.m.
Registration Date	Nov. 8, 2024, 4 p.m.
Last Update	Nov. 19, 2024, 11:15 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
2	https://github.com/moxystudio/node-cross-spawn/pull/160
3	https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f
4	https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff
5	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349

Common Vulnerabilities List