Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-1574

Malware in sbrugna...

6.3CVSS6.4AI score0.02403EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-3886

Malicious code in bioql PyPI...

9.8CVSS7.9AI score0.0434EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.5 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS8.2AI score0.0434EPSS
Exploits0References11
OSV
OSV
added 2022/05/24 7:18 p.m.5 views

GHSA-G4RG-993R-MGX7 Improper Neutralization of Special Elements used in a Command in Shell-quote

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 7:18 p.m.415 views

Improper Neutralization of Special Elements used in a Command in Shell-quote

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS9.6AI score0.0434EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/10/21 3:15 p.m.9 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS9.7AI score
Exploits0References3
Prion
Prion
added 2021/10/21 3:15 p.m.31 views

Command injection

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

7.5CVSS9.5AI score0.0434EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2021/10/21 3:15 p.m.101 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8CVSS7.2AI score0.0434EPSS
Exploits0References4
CVE
CVE
added 2021/10/21 2:46 p.m.128 views

CVE-2021-42740

CVE-2021-42740 affects the shell-quote package for Node.js (pre-1.7.3). The Windows drive-letter regex was {A-z] instead of {A-Za-z], enabling injection of shell metacharacters when unescaped output is passed to a real shell via exec(). Attacks can lead to arbitrary commands execution under the d...

9.8CVSS9.5AI score0.0434EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/10/21 12:0 a.m.4 views

PT-2021-23668

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.7.3 Description The issue allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a...

9.8CVSS7.3AI score0.0434EPSS
Exploits0References148
Rows per page
Query Builder