NVD - CVE-2024-21538

Change History

4 change records found

CVE Modified by CISA-ADP 5/20/2025 11:16:03 AM

Action Type Old Value New Value
Added CWE CWE-1333

CVE Modified by Snyk 5/19/2025 12:15:22 AM

Action Type Old Value New Value
Changed Description
Old Value: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
New Value: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVE Modified by Snyk 11/19/2024 9:15:17 AM

Action Type Old Value New Value
Added Reference Snyk https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8366349 [No types assigned]

New CVE Received from Snyk 11/08/2024 12:15:06 AM

Action Type Old Value New Value
Added Description Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.
Added CVSS V3.1 Snyk AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Added CWE Snyk CWE-1333
Added Reference Snyk https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff [No types assigned]
Added Reference Snyk https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f [No types assigned]
Added Reference Snyk https://github.com/moxystudio/node-cross-spawn/pull/160 [No types assigned]
Added Reference Snyk https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 [No types assigned]