NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2024-21538

概要	Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
公表日	2024年11月8日14:15
登録日	2024年11月8日16:00
最終更新日	2024年11月19日23:15

関連情報、対策とツール

No	URL	refsource	タグ
1	https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
2	https://github.com/moxystudio/node-cross-spawn/pull/160
3	https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f
4	https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff
5	https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349

共通脆弱性一覧