4 matches found
CVE-2026-30916
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
CVE-2026-30916
...
CVE-2026-30916
CVE-2026-30916 relates to the Shescape JavaScript library. Prior to version 2.1.9, an attacker could bypass shell escaping when the configured shell pointed to a file that is a chain of symlinks, potentially exposing sensitive information depending on the shell used. A fix is available in 2.1.9. ...
@coder/cmux (>=0.3.0-next.64.g5f200a6 <=0.5.1-next.10.g83f9dd4), @dccxx/auggie-shell-mcp (>=1.0.6 <=1.0.29) +14 more potentially affected by CVE-2026-30916 via shescape (>=2.1.0 <=2.1.6)
shescape NPM version =2.1.0, =0.3.0-next.64.g5f200a6, =1.0.6, =0.1.0, =0.9.22, =2.6.0, =2.0.0, =1.1.0, =0.1.24, =0.5.1-next.11.g2647a3c, =0.3.0, =8.0.0, =6.0.0, =4.0.0, =3.0.0, =3.2.1 and more Source cves: CVE-2026-30916 Source advisory: SNYK:JS-SHESCAPE-15440479...