PT-2023-9813 · Unknown+2 · Cross-Spawn+2

Rongchen Li

Published

2023-12-22

Updated

2026-06-04

CVE-2024-21538

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions cross-spawn versions prior to 7.0.5

Description The issue is related to a Regular Expression Denial of Service (ReDoS) in the cross-spawn package. This occurs due to improper input sanitization, allowing an attacker to craft a large and well-crafted string that can increase CPU usage and crash the program. The exploitation of this issue can lead to a denial of service.

Recommendations For versions prior to 7.0.5, update to version 7.0.5 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent large and maliciously crafted strings from being processed.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

AZL-52548

AZL-52551

AZL-52561

AZL-52587

AZL-52604

BDU:2024-11495

CVE-2024-21538

GHSA-3XGQ-45JJ-V275

OPENSUSE-SU-2024:14550-1

OPENSUSE-SU-2024:14553-1

OPENSUSE-SU-2024:14558-1

OPENSUSE-SU-2024:14559-1

OPENSUSE-SU-2024:14560-1

OPENSUSE-SU-2024:14561-1

OPENSUSE-SU-2024_4286-1

OPENSUSE-SU-2024_4300-1

OPENSUSE-SU-2024_4301-1

OPENSUSE-SU-2025:14615-1

OPENSUSE-SU-2025:14663-1

OPENSUSE-SU-2025:15802-1

SUSE-SU-2024:4272-1

SUSE-SU-2024:4286-1

SUSE-SU-2024:4300-1

SUSE-SU-2024:4301-1

SUSE-SU-2024_4272-1

SUSE-SU-2024_4286-1

SUSE-SU-2024_4300-1

SUSE-SU-2024_4301-1

SUSE-SU-2025:3744-1

SUSE-SU-2025_3744-1

Affected Products

Bitbucket

Suse

Cross-Spawn

PT-2023-9813 · Unknown+2 · Cross-Spawn+2

CVE-2024-21538

Weakness Enumeration

Related Identifiers

Affected Products

References · 104