0.002 Low
EPSS
Percentile
59.0%
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
github.com/ericcornelissen/shescape/blob/main/src/unix.js%23L52
github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9
github.com/ericcornelissen/shescape/releases/tag/v1.6.1
security.snyk.io/vuln/SNYK-JS-SHESCAPE-3061108