From 3ab53c95b2be6094637c483a693394e55103a476 Mon Sep 17 00:00:00 2001
From: RafaelGuevaraCA
Date: Thu, 26 Jun 2025 10:31:23 +0200
Subject: [PATCH 1/4] CVE-2024-21538 fix cross-spawn vulnerability
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 1f782fc62d..77e8ee965d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,8 @@ WORKDIR /tmp
 # add node repo and call 'apt-get update'
 RUN bash ./setup_18.x && $APT_INSTALL build-essential python3-pip python3.10-dev net-tools apt-utils
 
+RUN npm install -g cross-spawn@7.0.5
+
 RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 1
 
 # Fix vulnerabilities / outdated versions
From 2ae99365d63b2f9cd535bb356553ad404d1b65d6 Mon Sep 17 00:00:00 2001
From: RafaelGuevaraCA
Date: Thu, 26 Jun 2025 10:48:20 +0200
Subject: [PATCH 2/4] CVE-2024-21538 fix cross-spawn vulnerability2
---
 Dockerfile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 77e8ee965d..643580769b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,8 +15,6 @@ WORKDIR /tmp
 # add node repo and call 'apt-get update'
 RUN bash ./setup_18.x && $APT_INSTALL build-essential python3-pip python3.10-dev net-tools apt-utils
 
-RUN npm install -g cross-spawn@7.0.5
-
 RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 1
 
 # Fix vulnerabilities / outdated versions
@@ -29,6 +27,13 @@ RUN $APT_UPDATE && $APT_INSTALL \
 unzip software-properties-common apt-transport-https \
 openjdk-11-jdk xvfb siege apache2-utils git make nodejs locales tsung libtool libssl-dev libyaml-dev libxml2-dev libxslt-dev
 
+# Verify Node.js and npm installation
+RUN node -v && npm -v || \
+ ($APT_UPDATE && $APT_INSTALL npm)
+
+# Install cross-spawn globally
+RUN npm install -g cross-spawn@7.0.5
+
 # Install .NET sdk
 # check this page for the links and hash
 # https://dotnetcli.azureedge.net/dotnet/release-metadata/8.0/releases.json
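Review bot: `RUN npm install -g cross-spawn@7.0.5` adds a separate top-level global package and does not replace the cross-spawn copies nested under other packages' `node_modules`, which is presumably where the scanner reported CVE-2024-21538 (npm's own bundled dependencies commonly include one). The same applies to the relocated install in patch 2/4 and to `npm uninstall -g cross-spawn && npm install -g cross-spawn@7.0.5` in patch 3/4, since the uninstall also acts only on a top-level global. The finding is normally cleared by upgrading whichever package carries the old copy, typically npm itself, to a release that bundles a fixed cross-spawn. A step such as `RUN npm ls -g --all cross-spawn` after the install should put every installed copy and its version in the build log, so the result can be checked instead of assumed.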
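Review bot: In `RUN node -v && npm -v || ($APT_UPDATE && $APT_INSTALL npm)` (second hunk of patch 2/4) the fallback runs when either command fails, so a missing or broken `node` is answered by installing the distribution's `npm` package instead of failing the build. That can leave the image with a different Node/npm than the `setup_18.x` repository was meant to provide, together with whatever cross-spawn version that npm bundles, which works against the CVE fix in the next step. Since `nodejs` is already in the preceding `$APT_INSTALL` list, a plain assertion is safer: `RUN node -v && npm -v`. The same step is re-added unchanged in patch 4/4.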
From 4dd4f3754eb5a819c0de4a8419d9b2fe2ac6d0aa Mon Sep 17 00:00:00 2001
From: RafaelGuevaraCA
Date: Thu, 26 Jun 2025 13:22:14 +0200
Subject: [PATCH 3/4] CVE-2024-21538 fix cross-spawn vulnerability3
---
 Dockerfile | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 643580769b..563b7ad634 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,12 +27,8 @@ RUN $APT_UPDATE && $APT_INSTALL \
 unzip software-properties-common apt-transport-https \
 openjdk-11-jdk xvfb siege apache2-utils git make nodejs locales tsung libtool libssl-dev libyaml-dev libxml2-dev libxslt-dev
 
-# Verify Node.js and npm installation
-RUN node -v && npm -v || \
- ($APT_UPDATE && $APT_INSTALL npm)
-
 # Install cross-spawn globally
-RUN npm install -g cross-spawn@7.0.5
+RUN npm uninstall -g cross-spawn && npm install -g cross-spawn@7.0.5
 
 # Install .NET sdk
 # check this page for the links and hash
From 5b56edb939b040edac8ed99235acbaca22228c71 Mon Sep 17 00:00:00 2001
From: RafaelGuevaraCA
Date: Thu, 26 Jun 2025 13:39:13 +0200
Subject: [PATCH 4/4] CVE-2024-21538 fix cross-spawn vulnerability4
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 563b7ad634..f359b1fb81 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,10 @@ RUN $APT_UPDATE && $APT_INSTALL \
 unzip software-properties-common apt-transport-https \
 openjdk-11-jdk xvfb siege apache2-utils git make nodejs locales tsung libtool libssl-dev libyaml-dev libxml2-dev libxslt-dev
 
+# Verify Node.js and npm installation
+RUN node -v && npm -v || \
+ ($APT_UPDATE && $APT_INSTALL npm)
+
 # Install cross-spawn globally
 RUN npm uninstall -g cross-spawn && npm install -g cross-spawn@7.0.5