Filtered by vendor Cross-spawn Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21538 2 Cross-spawn, Redhat 3 Cross-spawn, Advanced Cluster Security, Openshift 2024-11-19 7.5 High
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.