VDB
RHSA-2025%3A0079
RHSA-2025%3A0079
PUBLISHED
CVSS 4.400000095367432 MEDIUM
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.
Risk Scores
CVSS 3.1
4.400000095367432
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | odf4/odf-console-rhel9@sha256:371614640a15bdc8bdd308e7125146bc9621ea73d0136979d29e53a412b1f3ac_s390x as a component of RHODF 4.17 for RHEL 9 | odf4/odf-console-rhel9@sha256:371614640a15bdc8bdd308e7125146bc9621ea73d0136979d29e53a412b1f3ac_s390x, odf4/odf-console-rhel9@sha256:371614640a15bdc8bdd308e7125146bc9621ea73d0136979d29e53a412b1f3ac_s390x, odf4/odf-console-rhel9@sha256:371614640a15bdc8bdd308e7125146bc9621ea73d0136979d29e53a412b1f3ac_s390x |
| Red Hat | odf4/mcg-core-rhel9@sha256:ac79fb6e7346571cd547f28a06b3f9160ebfa2167df8ae4666bee118fe23c9f7_s390x as a component of RHODF 4.17 for RHEL 9 | odf4/mcg-core-rhel9@sha256:ac79fb6e7346571cd547f28a06b3f9160ebfa2167df8ae4666bee118fe23c9f7_s390x, odf4/mcg-core-rhel9@sha256:ac79fb6e7346571cd547f28a06b3f9160ebfa2167df8ae4666bee118fe23c9f7_s390x, odf4/mcg-core-rhel9@sha256:ac79fb6e7346571cd547f28a06b3f9160ebfa2167df8ae4666bee118fe23c9f7_s390x |
| Red Hat | odf4/odr-hub-operator-bundle@sha256:a38d1461acd190a3083905beff068f256afd3c81354ed6c39b93b3e17b2831df_ppc64le as a component of RHODF 4.17 for RHEL 9 | odf4/odr-hub-operator-bundle@sha256:a38d1461acd190a3083905beff068f256afd3c81354ed6c39b93b3e17b2831df_ppc64le, odf4/odr-hub-operator-bundle@sha256:a38d1461acd190a3083905beff068f256afd3c81354ed6c39b93b3e17b2831df_ppc64le, odf4/odr-hub-operator-bundle@sha256:a38d1461acd190a3083905beff068f256afd3c81354ed6c39b93b3e17b2831df_ppc64le |
| Red Hat | odf4/odr-recipe-operator-bundle@sha256:66c9d2fc679ee685ded21ec3f2d18d1e828fd1c58548d29f367f25ebacd1a859_ppc64le as a component of RHODF 4.17 for RHEL 9 | odf4/odr-recipe-operator-bundle@sha256:66c9d2fc679ee685ded21ec3f2d18d1e828fd1c58548d29f367f25ebacd1a859_ppc64le, odf4/odr-recipe-operator-bundle@sha256:66c9d2fc679ee685ded21ec3f2d18d1e828fd1c58548d29f367f25ebacd1a859_ppc64le, odf4/odr-recipe-operator-bundle@sha256:66c9d2fc679ee685ded21ec3f2d18d1e828fd1c58548d29f367f25ebacd1a859_ppc64le |
| Red Hat | odf4/ocs-operator-bundle@sha256:4fcc5659e079d6ed2333a81a1c28748e54316f1fb0cdbaaa4c4bf782b2b7c2a3_amd64 as a component of RHODF 4.17 for RHEL 9 | *, odf4/ocs-operator-bundle@sha256:4fcc5659e079d6ed2333a81a1c28748e54316f1fb0cdbaaa4c4bf782b2b7c2a3_amd64, odf4/ocs-operator-bundle@sha256:4fcc5659e079d6ed2333a81a1c28748e54316f1fb0cdbaaa4c4bf782b2b7c2a3_amd64 |
| Red Hat | odf4/odr-hub-operator-bundle@sha256:a91bfd587473ed678548bf8fa6363d7e670417125dac9b99e950ff676b450c2e_s390x as a component of RHODF 4.17 for RHEL 9 | odf4/odr-hub-operator-bundle@sha256:a91bfd587473ed678548bf8fa6363d7e670417125dac9b99e950ff676b450c2e_s390x, odf4/odr-hub-operator-bundle@sha256:a91bfd587473ed678548bf8fa6363d7e670417125dac9b99e950ff676b450c2e_s390x, odf4/odr-hub-operator-bundle@sha256:a91bfd587473ed678548bf8fa6363d7e670417125dac9b99e950ff676b450c2e_s390x |
| Red Hat | odf4/ocs-metrics-exporter-rhel9@sha256:58b66861f4d463433c1af23bd61bc497009f8dc3e997102a93343463baade755_amd64 as a component of RHODF 4.17 for RHEL 9 | odf4/ocs-metrics-exporter-rhel9@sha256:58b66861f4d463433c1af23bd61bc497009f8dc3e997102a93343463baade755_amd64, odf4/ocs-metrics-exporter-rhel9@sha256:58b66861f4d463433c1af23bd61bc497009f8dc3e997102a93343463baade755_amd64, * |
| Red Hat | odf4/odr-rhel9-operator@sha256:b1798bebd8a861ed325005d5fce44c0ece05a0e3ed0ed574a09c766d3e452b97_ppc64le as a component of RHODF 4.17 for RHEL 9 | odf4/odr-rhel9-operator@sha256:b1798bebd8a861ed325005d5fce44c0ece05a0e3ed0ed574a09c766d3e452b97_ppc64le, *, odf4/odr-rhel9-operator@sha256:b1798bebd8a861ed325005d5fce44c0ece05a0e3ed0ed574a09c766d3e452b97_ppc64le |
| Red Hat | odf4/mcg-core-rhel9@sha256:4ac2448215ef79cbfaa2be5d2d15552e7545f686e08f221f734fae87ed2d719b_arm64 as a component of RHODF 4.17 for RHEL 9 | *, odf4/mcg-core-rhel9@sha256:4ac2448215ef79cbfaa2be5d2d15552e7545f686e08f221f734fae87ed2d719b_arm64, odf4/mcg-core-rhel9@sha256:4ac2448215ef79cbfaa2be5d2d15552e7545f686e08f221f734fae87ed2d719b_arm64 |
| Red Hat | odf4/mcg-rhel9-operator@sha256:1f07db58c965bd7c5e817d6585318934a34ea8ab7f880faac0ba27e2aed5d6c8_s390x as a component of RHODF 4.17 for RHEL 9 | odf4/mcg-rhel9-operator@sha256:1f07db58c965bd7c5e817d6585318934a34ea8ab7f880faac0ba27e2aed5d6c8_s390x, odf4/mcg-rhel9-operator@sha256:1f07db58c965bd7c5e817d6585318934a34ea8ab7f880faac0ba27e2aed5d6c8_s390x, odf4/mcg-rhel9-operator@sha256:1f07db58c965bd7c5e817d6585318934a34ea8ab7f880faac0ba27e2aed5d6c8_s390x |
| Red Hat | odf4/ocs-rhel9-operator@sha256:9e3bcb974ad550219ae0111294803795bcf464d31aa977693debd76349d123e2_amd64 as a component of RHODF 4.17 for RHEL 9 | odf4/ocs-rhel9-operator@sha256:9e3bcb974ad550219ae0111294803795bcf464d31aa977693debd76349d123e2_amd64, odf4/ocs-rhel9-operator@sha256:9e3bcb974ad550219ae0111294803795bcf464d31aa977693debd76349d123e2_amd64, odf4/ocs-rhel9-operator@sha256:9e3bcb974ad550219ae0111294803795bcf464d31aa977693debd76349d123e2_amd64 |
| Red Hat | odf4/odf-cli-rhel9@sha256:e2e441efe3dc5cc2edb68bb05d86ae018a9c5ad6e26e775c1f52543b499139ff_arm64 as a component of RHODF 4.17 for RHEL 9 | odf4/odf-cli-rhel9@sha256:e2e441efe3dc5cc2edb68bb05d86ae018a9c5ad6e26e775c1f52543b499139ff_arm64, odf4/odf-cli-rhel9@sha256:e2e441efe3dc5cc2edb68bb05d86ae018a9c5ad6e26e775c1f52543b499139ff_arm64, * |
| Red Hat | odf4/odf-csi-addons-rhel9-operator@sha256:c34463cfce14762c0b88b6dc8cc96c311894677900c078e667d5bc1ab69d6afc_arm64 as a component of RHODF 4.17 for RHEL 9 | odf4/odf-csi-addons-rhel9-operator@sha256:c34463cfce14762c0b88b6dc8cc96c311894677900c078e667d5bc1ab69d6afc_arm64, odf4/odf-csi-addons-rhel9-operator@sha256:c34463cfce14762c0b88b6dc8cc96c311894677900c078e667d5bc1ab69d6afc_arm64, * |
| Red Hat | odf4/mcg-core-rhel9@sha256:8edd7771c1c6685766bce549ba9b43d851935e7241b3b0ada27f85943b6b7cc0_ppc64le as a component of RHODF 4.17 for RHEL 9 | *, odf4/mcg-core-rhel9@sha256:8edd7771c1c6685766bce549ba9b43d851935e7241b3b0ada27f85943b6b7cc0_ppc64le, odf4/mcg-core-rhel9@sha256:8edd7771c1c6685766bce549ba9b43d851935e7241b3b0ada27f85943b6b7cc0_ppc64le |
| Red Hat | odf4/ocs-client-rhel9-operator@sha256:7330de229659f3f60022f24c6f2eaf519bd94a6ba1c943cc10b5225525c16fc4_amd64 as a component of RHODF 4.17 for RHEL 9 | odf4/ocs-client-rhel9-operator@sha256:7330de229659f3f60022f24c6f2eaf519bd94a6ba1c943cc10b5225525c16fc4_amd64, odf4/ocs-client-rhel9-operator@sha256:7330de229659f3f60022f24c6f2eaf519bd94a6ba1c943cc10b5225525c16fc4_amd64, * |
| Red Hat | odf4/odf-multicluster-console-rhel9@sha256:4cb7cf08ed562f95b219999fc991b64ea2071fd1932549b89727301da582766c_ppc64le as a component of RHODF 4.17 for RHEL 9 | odf4/odf-multicluster-console-rhel9@sha256:4cb7cf08ed562f95b219999fc991b64ea2071fd1932549b89727301da582766c_ppc64le, odf4/odf-multicluster-console-rhel9@sha256:4cb7cf08ed562f95b219999fc991b64ea2071fd1932549b89727301da582766c_ppc64le, odf4/odf-multicluster-console-rhel9@sha256:4cb7cf08ed562f95b219999fc991b64ea2071fd1932549b89727301da582766c_ppc64le |
| Red Hat | odf4/odf-csi-addons-sidecar-rhel9@sha256:48309b5e97bcd14bcb5a859e00e647b198f43402389eddb20bf52df2a914f74d_s390x as a component of RHODF 4.17 for RHEL 9 | odf4/odf-csi-addons-sidecar-rhel9@sha256:48309b5e97bcd14bcb5a859e00e647b198f43402389eddb20bf52df2a914f74d_s390x, odf4/odf-csi-addons-sidecar-rhel9@sha256:48309b5e97bcd14bcb5a859e00e647b198f43402389eddb20bf52df2a914f74d_s390x, odf4/odf-csi-addons-sidecar-rhel9@sha256:48309b5e97bcd14bcb5a859e00e647b198f43402389eddb20bf52df2a914f74d_s390x |
| Red Hat | odf4/odf-multicluster-rhel9-operator@sha256:ed3897a34c2f0e644efe0ca7d5ad1412f60bc51036a70da5b557d978f5994a87_amd64 as a component of RHODF 4.17 for RHEL 9 | *, *, * |
| Red Hat | odf4/odf-must-gather-rhel9@sha256:32b7301060a96868826caffd9038331d452240a8683b8afdbb0716d033b18cde_s390x as a component of RHODF 4.17 for RHEL 9 | *, odf4/odf-must-gather-rhel9@sha256:32b7301060a96868826caffd9038331d452240a8683b8afdbb0716d033b18cde_s390x, odf4/odf-must-gather-rhel9@sha256:32b7301060a96868826caffd9038331d452240a8683b8afdbb0716d033b18cde_s390x |
| Red Hat | odf4/cephcsi-rhel9@sha256:d54fd1a2345699a240a7d65d09ac7eb6da8df7d582fe0bbef309c206427d4958_amd64 as a component of RHODF 4.17 for RHEL 9 | odf4/cephcsi-rhel9@sha256:d54fd1a2345699a240a7d65d09ac7eb6da8df7d582fe0bbef309c206427d4958_amd64, odf4/cephcsi-rhel9@sha256:d54fd1a2345699a240a7d65d09ac7eb6da8df7d582fe0bbef309c206427d4958_amd64, odf4/cephcsi-rhel9@sha256:d54fd1a2345699a240a7d65d09ac7eb6da8df7d582fe0bbef309c206427d4958_amd64 |
…and 85 more
Timeline
- Jan 8, 2025 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 29, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2025:0079 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2311152 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2311153 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2311154 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2322949 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2324550 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2331063 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0079.json advisory
- https://access.redhat.com/security/cve/CVE-2024-21538 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-21538 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-21538 advisory
- https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff advisory
- https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f advisory
- https://github.com/moxystudio/node-cross-spawn/pull/160 advisory
- https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 advisory
- https://access.redhat.com/security/cve/CVE-2024-43796 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-43796 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-43796 advisory
- https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553 advisory
…and 23 more