PT-2023-9813 · Unknown+2 · Cross-Spawn+2

Rongchen Li · Published 2023-12-22 · Updated 2026-06-04 · CVE-2024-21538

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected software and versions: cross-spawn versions prior to 7.0.5
Description: The issue is a Regular Expression Denial of Service (ReDoS) in the cross-spawn package, caused by insufficient validation of input before it is matched against a regular expression. An attacker who controls the string passed in can craft a large, specially structured input that triggers excessive backtracking, driving CPU usage up and stalling or crashing the program. The outcome is denial of service; the CVSS vector scores only availability impact as High (VA:H), with no confidentiality or integrity impact.
Recommendations: For versions prior to 7.0.5, update to version 7.0.5 or later. As a temporary workaround, restrict untrusted input before it reaches cross-spawn (for example, by capping its length) so that large, maliciously crafted strings are never processed.
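To make the failure mode concrete, the following JavaScript is an added example written for this page; it is neither cross-spawn's source nor the reporter's proof of concept. It contrasts a regex that doubles a trailing run of backslashes (an assumed pattern, chosen because such a step occurs when quoting command-line arguments; whether it matches cross-spawn's actual code is not stated on this page) with a linear rewrite, and applies the advisory's workaround as a length cap. The names, the cap value MAX_ARG_LENGTH and the inputs are all constructed here.

```javascript
// Added example (not cross-spawn's own code): a quadratic-backtracking regex
// of the kind behind a ReDoS, its linear-time replacement, and the
// input-size guard the advisory suggests as a temporary workaround.
// ASSUMPTION: the regex below doubles a trailing run of backslashes, a step
// taken when quoting command-line arguments; it illustrates the failure mode
// and is not a claim about cross-spawn's exact source.

// Backtracking version. On "\\\\...\\x" (a long run of backslashes followed by
// one non-backslash) the engine starts at each offset, lets (\\*) swallow the
// rest of the run, fails at $, gives the characters back one by one, then
// retries from the next offset: roughly n^2 / 2 steps for n backslashes.
function doubleTrailingBackslashesRegex(arg) {
  return arg.replace(/(\\*)$/, '$1$1');
}

// Linear version: walk back from the end, count the trailing backslashes,
// append that many again. No regex, no backtracking, O(n).
function doubleTrailingBackslashesLinear(arg) {
  let i = arg.length;
  while (i > 0 && arg[i - 1] === '\\') i--;
  const trailing = arg.length - i;
  return arg + '\\'.repeat(trailing);
}

// Both implementations must agree on every input.
function sameResult(arg) {
  return doubleTrailingBackslashesRegex(arg) === doubleTrailingBackslashesLinear(arg);
}

// Workaround from the advisory: refuse oversized input before any regex runs.
// MAX_ARG_LENGTH is an assumed cap chosen for this example, not a value from
// the advisory; size it to what legitimate callers actually need.
const MAX_ARG_LENGTH = 4096;
function escapeWithInputGuard(arg) {
  if (typeof arg !== 'string') throw new TypeError('argument must be a string');
  if (arg.length > MAX_ARG_LENGTH) {
    throw new RangeError(`argument of length ${arg.length} exceeds cap of ${MAX_ARG_LENGTH}`);
  }
  return doubleTrailingBackslashesRegex(arg);
}

// Constructed worst-case input: n backslashes then a single 'x', so no match
// can succeed until the engine reaches the empty string at the very end.
function worstCaseInput(n) {
  return '\\'.repeat(n) + 'x';
}

function elapsedMs(fn, arg) {
  const t0 = process.hrtime.bigint();
  fn(arg);
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

// Wall-clock time of both implementations on the same worst-case input.
function benchmark(n) {
  const input = worstCaseInput(n);
  return {
    n,
    regexMs: elapsedMs(doubleTrailingBackslashesRegex, input),
    linearMs: elapsedMs(doubleTrailingBackslashesLinear, input),
  };
}

// Quadrupling n should roughly multiply the regex time by 16; the loop stays flat.
for (const n of [1000, 4000, 16000]) {
  const r = benchmark(n);
  console.log(`n=${r.n}: regex ${r.regexMs.toFixed(1)} ms, linear ${r.linearMs.toFixed(2)} ms`);
}
```

Run it with node. The timings show the regex version's cost growing with the square of the input length while the loop does not move, which is exactly why a length cap is an effective stopgap: it bounds the worst case without changing the matching logic. The real fix is to replace the backtracking construct, which is what upgrading to 7.0.5 delivers.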

Fix

DoS


Weakness Enumeration

Related identifiers

AZL-52548
AZL-52551
AZL-52561
AZL-52587
AZL-52604
BDU:2024-11495
CVE-2024-21538
GHSA-3XGQ-45JJ-V275
OPENSUSE-SU-2024:14550-1
OPENSUSE-SU-2024:14553-1
OPENSUSE-SU-2024:14558-1
OPENSUSE-SU-2024:14559-1
OPENSUSE-SU-2024:14560-1
OPENSUSE-SU-2024:14561-1
OPENSUSE-SU-2024_4286-1
OPENSUSE-SU-2024_4300-1
OPENSUSE-SU-2024_4301-1
OPENSUSE-SU-2025:14615-1
OPENSUSE-SU-2025:14663-1
OPENSUSE-SU-2025:15802-1
SUSE-SU-2024:4272-1
SUSE-SU-2024:4286-1
SUSE-SU-2024:4300-1
SUSE-SU-2024:4301-1
SUSE-SU-2024_4272-1
SUSE-SU-2024_4286-1
SUSE-SU-2024_4300-1
SUSE-SU-2024_4301-1
SUSE-SU-2025:3744-1
SUSE-SU-2025_3744-1

Affected products

Bitbucket
Suse
Cross-Spawn