[GHSA-3xgq-45jj-v275] Regular Expression Denial of Service (ReDoS) in cross-spawn
Updates
- CVSS v3
- CVSS v4
- Severity
Comments
sha256:4232e547f04af7f5c9f6e873d56dd740caae50a20f95146e63082b7fb15de803
Hi @aprendis543, I see your CVSS 3.0 and 4.0 suggestions: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and the removal of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P. Can you explain the rationale for changing the scores, or link to analysis/supporting references? If you'd like, we can run this through the CVSS calculator and reevaluate if we agree. In addition, please link to the SHA reference as we did not find it in the node-cross-spawn repository.
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.