This package has limited bug data (1 entry). Check back later or see the package health page for the full signal.
cross-spawn known bugs
npm1 known bug in cross-spawn, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
1
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 7.0.0 | 7.0.5 | Regular Expression Denial of Service (ReDoS) in cross-spawn Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. | fixed | osv:GHSA-3xgq-45jj-v275 |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/npm/cross-spawn