DirectorySecurity Advisories
Sign In
Security Advisories

CGA-49x5-fp72-pvgg

Published

Last updated

https://images.chainguard.dev/security/CGA-49x5-fp72-pvgg
Package

kibana-7

Latest Update
Fixed
Fixed Version

7.17.25-r1

Aliases
  • CVE-2024-21538
  • GHSA-3xgq-45jj-v275

Severity

7.5

High

CVSS V3

Summary

Regular Expression Denial of Service (ReDoS) in cross-spawn

Description

Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation