Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shescape project shescape vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-25918
The package shescape from 1.5.10 and prior to 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
Shescape Project Shescape 1.5.10
Shescape Project Shescape 1.6.0
9.8
CVSSv3
CVE-2022-31180
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true...
Shescape Project Shescape
7.5
CVSSv3
CVE-2022-36064
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells `Bash` and `Dash`, or any not-officially-supported Unix shell; and/or using the `escape` or `escap...
Shescape Project Shescape
8.6
CVSSv3
CVE-2023-40185
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing malicious users to bypass protections depending on t...
Shescape Project Shescape
5.5
CVSSv3
CVE-2022-24725
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other...
Shescape Project Shescape
7.8
CVSSv3
CVE-2021-21384
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the refer...
Shescape Project Shescape
4.3
CVSSv3
CVE-2023-35931
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
Shescape Project Shescape
9.8
CVSSv3
CVE-2022-31179
Shescape is a simple shell escape package for JavaScript. Versions before 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following t...
Shescape Project Shescape
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started