Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string.
Remediation Steps
Update the affected package cross-spawn from version 7.0.3 to 7.0.5.
About this issue
This issue may not contain all the information about the CVE nor the images it affects.
This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
CVE Details
HIGH
cross-spawn
7.0.3
7.0.5
2024-11-08T05:15:06.453Z
2024-11-16T10:18:36.690396835Z
Affected Docker Images
public.ecr.aws/lambda/nodejs:latest
public.ecr.aws/lambda/nodejs@sha256:007cd808b9e613993c616a321ae4c30416b269df12b841e6b92fe67918402aa1
public.ecr.aws/lambda/nodejs:20
public.ecr.aws/lambda/nodejs@sha256:007cd808b9e613993c616a321ae4c30416b269df12b841e6b92fe67918402aa1
public.ecr.aws/lambda/nodejs:18
public.ecr.aws/lambda/nodejs@sha256:cbe1e63bffb0008f12ea21b4790386e177f609163b7a59136b5ee8d8bbf465f2