⚠️ High Severity Vulnerability in cross-spawn@7.0.3 – Update Required #488

Closed
@rafaelportomoura

Description:

Hi team,
A high severity vulnerability has been detected in the cross-spawn dependency used in this project.

Vulnerability details:

  • Package: cross-spawn
  • Installed version: 7.0.3
  • Vulnerability ID: CVE-2024-21538
  • Severity: High (CVSS v3: 7.5)
  • Fixed versions: >=7.0.5 or >=6.0.6

Impact:
This vulnerability can be exploited by malicious actors and has had a fix available for over 30 days. Continuing to use this version exposes the project to unnecessary security risks.

Recommendation:
Please update the cross-spawn dependency to at least version 7.0.5 as soon as possible. Make sure that no other dependencies are locking it to the vulnerable version.

Reference:
Security scan report flags this issue as FAILED due to:

  • High severity with a fix available
  • Fix available for more than 30 days
