3 matches found
CVE-2022-24725
Shescape (JavaScript) versions 1.4.0–1.5.1 are vulnerable to information disclosure on Unix when using Bash with shescape.escape or escapeAll with interpolation: true, exposing the home directory and enabling potential directory traversal depending on output usage. Other shells (Dash, Zsh) are no...
CVE-2022-24725 Exposure of home directory through shescape on Unix with Bash
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...
CVE-2022-24725 Exposure of home directory through shescape on Unix with Bash
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...