
4 matches found

Veracode
added 2026/06/10 3:15 p.m. | 7 views

OS Command Injection

shell-quote is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation and escaping of object-token .op inputs in the quote function, which allows an attacker to inject line terminators and execute arbitrary shell commands when the generated output is processed by ...

CVSS 9.2 | AI score 6.2 | EPSS 0.00848
Exploits: 1 | References: 21 | Affected Software: 1
OSV
added 2026/06/09 8:38 a.m. | 7 views

USN-8410-1 node-shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

CVSS 9.2 | AI score 5.8 | EPSS 0.00848
Exploits: 1 | References: 2
RedhatCVE
added 2026/05/25 10:43 a.m. | 13 views

CVE-2026-9277

A flaw was found in the shell-quote component. The quote function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpre...

CVSS 9.2 | AI score 6.2 | EPSS 0.00848
Exploits: 1 | References: 7
Debian CVE
added 2026/05/22 1:22 p.m. | 9 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVSS 9.2 | AI score 5.9 | EPSS 0.00848
Exploits: 1