VYPR
High severity 7.5 · OSV Advisory · Published Nov 8, 2024 · Updated Apr 15, 2026

CVE-2024-21538

Description

Versions of the package cross-spawn before 6.0.6, and from 7.0.0 up to but not including 7.0.5, are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase CPU usage and crash the program by supplying a very large, well-crafted string.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
cross-spawn (npm) | >= 7.0.0, < 7.0.5 | 7.0.5
cross-spawn (npm) | < 6.0.6 | 6.0.6
