NodeJS/cross-spawn/0.2.6
Cross platform child_process#spawn and child_process#spawnSync
https://www.npmjs.com/package/cross-spawn
MIT
1 Security Vulnerability
Regular Expression Denial of Service (ReDoS) in cross-spawn
Published date: 2024-11-08T06:30:47Z
CVE: CVE-2024-21538
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2024-21538
- https://github.com/moxystudio/node-cross-spawn/pull/160
- https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff
- https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f
- https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://github.com/advisories/GHSA-3xgq-45jj-v275
- https://github.com/moxystudio/node-cross-spawn/issues/165
- https://github.com/moxystudio/node-cross-spawn/commit/d35c865b877d2f9ded7c1ed87521c2fdb689c8dd
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive up CPU usage and crash the program by supplying a very large, specially crafted string.
Affected versions:
["0.1.0", "0.1.2", "0.1.6", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.7", "0.2.8", "0.2.9", "0.3.0", "0.4.0", "1.0.0", "1.0.1", "1.0.3", "2.0.0", "2.0.1", "2.1.0", "2.1.1", "2.1.2", "2.2.2", "2.2.3", "3.0.0", "4.0.2", "5.0.1", "5.1.0", "6.0.1", "0.1.1", "0.1.3", "0.1.4", "0.1.5", "0.1.7", "0.2.4", "0.2.5", "0.2.6", "0.4.1", "1.0.2", "1.0.4", "2.1.3", "2.1.4", "2.1.5", "2.2.0", "3.0.1", "4.0.0", "5.0.0", "6.0.0", "6.0.2", "6.0.3", "6.0.4", "6.0.5", "7.0.2", "7.0.3", "7.0.0", "7.0.1", "7.0.4"]
Secure versions:
[6.0.6, 7.0.5, 7.0.6]
Recommendation:
Update to version 7.0.6.
58 Other Versions
Version | License | Security | Released | Age
---|---|---|---|---
0.1.7 | MIT | 1 | 2014-07-11 - 16:28 | about 11 years |
0.1.6 | MIT | 1 | 2014-07-03 - 08:47 | about 11 years |
0.1.5 | MIT | 1 | 2014-07-02 - 11:30 | about 11 years |
0.1.4 | MIT | 1 | 2014-06-30 - 23:25 | about 11 years |
0.1.3 | MIT | 1 | 2014-06-30 - 21:49 | about 11 years |
0.1.2 | MIT | 1 | 2014-06-30 - 21:29 | about 11 years |
0.1.1 | MIT | 1 | 2014-06-30 - 13:22 | about 11 years |
0.1.0 | MIT | 1 | 2014-06-30 - 01:04 | about 11 years |