1 known bug in cross-spawn, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 7.0.0 | 7.0.5 | Regular Expression Denial of Service (ReDoS) in cross-spawn Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. | fixed | osv:GHSA-3xgq-45jj-v275 |
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/npm/cross-spawn