CVE-2024-21538 & CVE-2024-21538

Question

CVE-2024-21538 & CVE-2024-21538

Closed this issue a year ago · 1 comments

High & Medium severity vulnerability reported by Snyk

Issues with no direct upgrade or patch:
  ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060] in cookie@0.5.0
    introduced by routing-controllers@0.10.4 > cookie@0.5.0
  This issue was fixed in versions: 0.7.0

  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230] in cross-spawn@7.0.3
    introduced by routing-controllers@0.10.4 > glob@10.3.12 > foreground-child@3.1.1 > cross-spawn@7.0.3
  This issue was fixed in versions: 7.0.5

Can a new version please be published with upgrades for these both?

Thanks.

Answer 1 · 2025-01-07T01:43:16.000Z

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.