一、 漏洞 CVE-2024-21538 基础信息
漏洞信息
# N/A
## 漏洞概述
Versions of the package `cross-spawn` before 7.0.5 are vulnerable to a Regular Expression Denial of Service (ReDoS) attack.
## 影响版本
Versions before 7.0.5
## 细节
The vulnerability arises due to improper input sanitization in the package. Attackers can craft large and specifically designed strings that can significantly increase CPU usage, thereby causing the program to crash.
## 影响
This vulnerability can allow an attacker to cause a Denial of Service (DoS) by consuming excessive CPU resources, leading to the program crashing or becoming unresponsive.
提示
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
漏洞描述信息
CVSS信息
漏洞类别
漏洞标题
漏洞描述信息
CVSS信息
漏洞类别
二、漏洞 CVE-2024-21538 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2024-21538 的情报信息
-
标题: Regular Expression Denial of Service (ReDoS) in cross-spawn | CVE-2024-21538 | Snyk -- 🔗来源链接
标签:
神龙速读
-
标题: fix: disable regexp backtracking by satazor · Pull Request #160 · moxystudio/node-cross-spawn · GitHub -- 🔗来源链接
标签:
神龙速读
-
标题: fix: fix escaping bug introduced by backtracking · moxystudio/node-cross-spawn@640d391 · GitHub -- 🔗来源链接
标签:
神龙速读
-
标题: fix: disable regexp backtracking (#160) · moxystudio/node-cross-spawn@5ff3a07 · GitHub -- 🔗来源链接
标签:
神龙速读
-
标题: Regular Expression Denial of Service (ReDoS) in org.webjars.npm:cross-spawn | CVE-2024-21538 | Snyk -- 🔗来源链接
标签:
神龙速读
- https://nvd.nist.gov/vuln/detail/CVE-2024-21538