SentinelOne
CVE Vulnerability Database

CVE-2024-21538: cross-spawn ReDoS Denial-of-Service Vulnerability

CVE-2024-21538 is a Regular Expression Denial of Service (ReDoS) vulnerability in the cross-spawn package that allows attackers to crash programs through crafted strings. This article covers technical details, affected versions, and mitigation.

CVE-2024-21538 Overview

Versions of the cross-spawn package before 6.0.6, and from 7.0.0 before 7.0.5, are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can drive CPU usage up and crash the program by supplying a very large, specially crafted string.

Critical Impact

This vulnerability can cause significant disruption by crashing affected applications through resource exhaustion.

Affected Products

  • cross-spawn < 6.0.6
  • cross-spawn >= 7.0.0 < 7.0.5

Discovery Timeline

  • 2024-11-08 - CVE CVE-2024-21538 published to NVD
  • 2025-05-20 - Last updated in NVD database

Technical Details for CVE-2024-21538

Vulnerability Analysis

The cross-spawn package is susceptible to a Regular Expression Denial of Service (ReDoS) attack, which leads to excessive CPU consumption. Because input is not validated before it reaches the affected regular expression, an attacker can craft a string that makes the regex engine perform super-linear backtracking in the affected versions.

Root Cause

The vulnerability arises from a regular expression that backtracks super-linearly on certain inputs, combined with the absence of input sanitization before that regular expression is applied. A sufficiently long crafted string therefore costs the regex engine far more CPU time than its length alone would suggest, degrading or stalling the application.

Attack Vector

The vulnerability can be exploited remotely when an application passes attacker-supplied input (for example, data from a network request) to cross-spawn as a command or argument, allowing a maliciously crafted string to reach the vulnerable regular expression.

```javascript
// Example exploitation code (sanitized)
const maliciousString = 'a'.repeat(100000);
require('cross-spawn').sync(maliciousString);
```

Detection Methods for CVE-2024-21538

Indicators of Compromise

  • Unusual CPU usage spikes
  • Application crashes
  • Logged errors related to regular expression processing

Detection Strategies

Security teams should monitor application logs for regex processing errors and high CPU usage patterns that correlate with specific input strings.

Monitoring Recommendations

Implement real-time monitoring on CPU usage and establish alerts for abnormal activity consistent with potential ReDoS attacks.

How to Mitigate CVE-2024-21538

Immediate Actions Required

  • Update cross-spawn to 6.0.6 or later on the 6.x line, or 7.0.5 or later on the 7.x line
  • Validate input so that very large or otherwise unusual strings are rejected before they reach cross-spawn
  • Monitor system performance regularly

Patch Information

Upgrade to the latest patched versions as recommended by security advisories or implement mitigation patches if available.
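As an added check that is not part of this advisory or of the cross-spawn project: a small Node.js script that walks the dependency tree printed by `npm ls --all --json` and reports every copy of cross-spawn whose version falls inside the affected ranges stated above (below 6.0.6, or 7.0.0 up to but not including 7.0.5). The sample tree is constructed for a stand-alone run; against a real project, read the actual `npm ls --all --json` output instead.

```javascript
// Added example (not from the advisory or the cross-spawn project): find copies of
// cross-spawn whose version lies in the CVE-2024-21538 affected ranges.
// Ranges as stated in the advisory: < 6.0.6, and >= 7.0.0 < 7.0.5 (max is exclusive).
const AFFECTED_RANGES = [
  { min: null, max: [6, 0, 6] },
  { min: [7, 0, 0], max: [7, 0, 5] },
];
// Parse "major.minor.patch"; an optional leading "v" and any pre-release/build
// suffix are ignored. Returns null for strings that are not semver releases.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version falls inside one of the affected ranges.
function isVulnerable(version) {
  const v = parseVersion(version);
  if (v === null) return false; // unparsable: cannot be matched, report separately
  return AFFECTED_RANGES.some(({ min, max }) =>
    (min === null || compareVersions(v, min) >= 0) && compareVersions(v, max) < 0);
}

// Walk the tree that `npm ls --all --json` prints ({ dependencies: { name: { version,
// dependencies } } }) and return the dependency path to every vulnerable cross-spawn.
function findVulnerableCrossSpawn(tree, path = [], out = []) {
  for (const [name, info] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${info.version}`];
    if (name === 'cross-spawn' && isVulnerable(info.version)) out.push(here.join(' > '));
    findVulnerableCrossSpawn(info, here, out);
  }
  return out;
}

// Constructed sample tree in the shape of `npm ls --all --json` output.
const SAMPLE_TREE = {
  dependencies: {
    'cross-spawn': { version: '7.0.3' },
    'some-tool': { version: '1.2.0', dependencies: { 'cross-spawn': { version: '6.0.5' } } },
    'other-tool': { version: '2.0.0', dependencies: { 'cross-spawn': { version: '7.0.5' } } },
  },
};
console.log(findVulnerableCrossSpawn(SAMPLE_TREE));
```

Each reported line is the path from a top-level dependency down to the vulnerable copy, which tells you which package to update or override.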

Workarounds

To mitigate the impact without patching, ensure strict input validation is in place to filter and sanitize potentially malicious strings.

```bash
# Install a patched release (7.0.5 on the 7.x line; use cross-spawn@6.0.6 on the 6.x line)
npm install cross-spawn@7.0.5
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
