CVE-2024-21538
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-21538 affects versions of the cross-spawn package before 7.0.5. It is a Regular Expression Denial of Service (ReDoS) weakness caused by inadequate sanitization of user input. An attacker can exploit it by supplying a very large, specially crafted string, which causes a significant increase in CPU usage and can eventually crash the program. The vulnerability threatens system stability and resource availability. Users are advised to upgrade to the latest version of cross-spawn to mitigate this issue.