⚠️ High Severity Vulnerability in [email protected] – Update Required #488

rafaelportomoura · 2025-05-13T18:26:00Z

Description:

Hi team,
A high severity vulnerability has been detected in the cross-spawn dependency used in this project.

Vulnerability details:

Package: cross-spawn
Installed version: 7.0.3
Vulnerability ID: CVE-2024-21538
Severity: High (CVSS v3: 7.5)
Fixed versions: >=7.0.5 or >=6.0.6

Impact:
This vulnerability can be exploited by malicious actors and has had a fix available for over 30 days. Continuing to use this version exposes the project to unnecessary security risks.

Recommendation:
Please update the cross-spawn dependency to at least version 7.0.5 as soon as possible. Make sure that no other dependencies are locking it to the vulnerable version.

Reference:
Security scan report flags this issue as FAILED due to:

High severity with a fix available
Fix available for more than 30 days

The text was updated successfully, but these errors were encountered:

chore: fix cross-spawn version to 7.0.5 (issue: #488)

rafaelportomoura mentioned this issue May 13, 2025

chore: fix cross-spawn version to 7.0.5 (issue: #488) #489

Merged

9 tasks

ihrpr closed this as completed in #489 May 14, 2025

ihrpr added a commit that referenced this issue May 14, 2025

Merge pull request #489 from rafaelportomoura/main

17caa5a

chore: fix cross-spawn version to 7.0.5 (issue: #488)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

⚠️ High Severity Vulnerability in [email protected] – Update Required #488

⚠️ High Severity Vulnerability in [email protected] – Update Required #488

rafaelportomoura commented May 13, 2025

⚠️ High Severity Vulnerability in [email protected] – Update Required #488

⚠️ High Severity Vulnerability in [email protected] – Update Required #488

Comments

rafaelportomoura commented May 13, 2025