Description:
Hi team,
A high severity vulnerability has been detected in the cross-spawn dependency used in this project.
Vulnerability details:
- Package: cross-spawn
- Installed version: 7.0.3
- Vulnerability ID: CVE-2024-21538
- Severity: High (CVSS v3: 7.5)
- Fixed versions: >=7.0.5 or >=6.0.6
Impact:
This vulnerability can be exploited by malicious actors and has had a fix available for over 30 days. Continuing to use this version exposes the project to unnecessary security risks.
Recommendation:
Please update the cross-spawn dependency to at least version 7.0.5 as soon as possible. Make sure that no other dependencies are locking it to the vulnerable version.
Reference:
Security scan report flags this issue as FAILED due to:
- High severity with a fix available
- Fix available for more than 30 days
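
One way to check the recommendation above that no other dependency still locks cross-spawn to a vulnerable version. This is an added example, not part of the original report or the project's code; it assumes an npm lockfile in the v2/v3 format with a `packages` map, and the lockfile content and the `tool-a`/`tool-b`/`tool-c` names are constructed.

```javascript
// Flag every cross-spawn copy in an npm lockfile that is older than the
// fixed versions named in the report (6.0.6 on the 6.x line, 7.0.5 on 7.x).

// Parse "x.y.z" into [x, y, z]; a pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (v[0] >= 7) return lessThan(v, [7, 0, 5]);
  return lessThan(v, [6, 0, 6]);
}

function findVulnerableCrossSpawn(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/cross-spawn"; nested
    // copies are how a transitive dependency pins an old version.
    if (!path.endsWith("node_modules/cross-spawn")) continue;
    if (entry.version && isVulnerable(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample; in practice pass the parsed package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/cross-spawn": { version: "7.0.6" },
    "node_modules/tool-a/node_modules/cross-spawn": { version: "7.0.3" },
    "node_modules/tool-b/node_modules/cross-spawn": { version: "6.0.5" },
    "node_modules/tool-c/node_modules/cross-spawn": { version: "6.0.6" },
  },
};

console.log(findVulnerableCrossSpawn(sampleLock));
```

When a nested copy is flagged, `npm ls cross-spawn` shows which parent package pulls it in, and an `overrides` entry in package.json can force the fixed version if the parent has not been updated.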