vulnerability

Alpine Linux: CVE-2024-21538: Inefficient Regular Expression Complexity

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Nov 8, 2024	Aug 8, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Nov 8, 2024

Added

Aug 8, 2025

Modified

Dec 5, 2025

Description

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.

Solution

alpine-linux-upgrade-npm

References

CVE-2024-21538
https://attackerkb.com/topics/CVE-2024-21538
URL-https://security.alpinelinux.org/vuln/CVE-2024-21538
CWE-1333

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today