2 matches found
CVE-2022-36064 Shescape Inefficient Regular Expression Complexity vulnerability
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the...
CVE-2022-36064
CVE-2022-36064 (Shescape) affects the JavaScript package Shescape. The vulnerability is an inefficient Regular Expression Complexity (ReDoS) in two RegExes used when escaping arguments for Unix shells (notably Bash/Dash) or when using escape/escapeAll with interpolation enabled. An attacker can c...