{"ecosystem":"npm","package":"cross-spawn","version":null,"bugs":[{"id":315,"ecosystem":"npm","package_name":"cross-spawn","affected_version":"7.0.0","fixed_version":"7.0.5","bug_id":"osv:GHSA-3xgq-45jj-v275","title":"Regular Expression Denial of Service (ReDoS) in cross-spawn","description":"Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21538","labels":["CVE-2024-21538"],"created_at":"2026-04-19 04:31:09.318122+00:00","updated_at":"2026-04-19 04:31:09.318122+00:00"}],"total":1,"_cache":"hit"}