Lucene search
+L

96 matches found

osv
osv
added 2026/07/07 4:11 p.m.14 views

ROOT-APP-NPM-CVE-2021-42740 CVE-2021-42740 in @rootio/shell-quote - Patched by Root

Root has patched CVE-2021-42740 in the @rootio/shell-quote package for Root:npm. Multiple fixed versions available...

9.8CVSS7.3AI score0.0434EPSS
Exploits0
osv
osv
added 2026/07/07 4:11 p.m.11 views

ROOT-APP-NPM-CVE-2026-9277 CVE-2026-9277 in @rootio/shell-quote - Patched by Root

Root has patched CVE-2026-9277 in the @rootio/shell-quote package for Root:npm. Multiple fixed versions available...

9.2CVSS5.3AI score0.00848EPSS
Exploits1
osv
osv
added 2026/06/30 7:49 a.m.3 views

OPENSUSE-SU-2026:21176-1 Security update for python-pytest-html

This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - Revendor updating shell-quote and js-yaml deps: - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a denial of service bsc1269361 - CVE-2026-53550: js-yaml: quadratic complexity when...

8.7CVSS5.7AI score0.0036EPSS
Exploits1References4
nessus
nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-13311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growin...

8.7CVSS6.5AI score0.0036EPSS
Exploits0References4
susecve
susecve
added 2026/06/27 2:5 a.m.6 views

SUSE CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

7.5CVSS6.3AI score0.0036EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/25 11:23 p.m.16 views

CVE-2026-13311

A flaw was found in the shell-quote component. An attacker who can supply a specially crafted string to the parse function can exploit an inefficiency in how the component processes input. This can cause the single-threaded Node.js event loop to be blocked for an extended period, leading to a...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References5
snyk
snyk
added 2026/06/25 6:22 a.m.3 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the parseInternal function of parse.js, where parse finalizes the token list with Array.prototype.concat inside a...

8.7CVSS5.9AI score0.0036EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 5:16 a.m.12 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS0.0036EPSS
Exploits0References2
osv
osv
added 2026/06/25 5:16 a.m.3 views

DEBIAN-CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References1
osv
osv
added 2026/06/25 5:16 a.m.6 views

UBUNTU-CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References4
euvd
euvd
added 2026/06/25 4:48 a.m.6 views

EUVD-2026-39180

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/25 4:48 a.m.7 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References3
cve
cve
added 2026/06/25 4:48 a.m.48 views

CVE-2026-13311

The CVE affects the shell-quote library prior to version 1.8.5. The parse() function accumulates tokens by using Array.prototype.concat as a reduce accumulator, causing O(n^2) time relative to token count and enabling a potential denial of service by blocking the Node.js event loop with small, at...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2026/06/25 4:48 a.m.5 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0
cvelist
cvelist
added 2026/06/25 4:48 a.m.43 views

CVE-2026-13311 shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS0.0036EPSS
Exploits0References2
osv
osv
added 2026/06/25 4:48 a.m.3 views

CVE-2026-13311 shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.4AI score0.0036EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.22 views

PT-2026-52200

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.5 Description The parse function finalizes parsed tokens using Array.prototype.concat as a reduce accumulator, causing the entire growing array to be reallocated and copied during every iteration. This results...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References14
githubexploit
githubexploit
added 2026/06/15 1:37 p.m.133 views

Exploit for CVE-2026-9277

CVE-2026-9277 - Shell-Quote Command Injection Expl...

9.2CVSS5.3AI score0.00848EPSS
Exploits1
nessus
nessus
added 2026/06/11 12:0 a.m.6 views

Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : shell-quote vulnerability (USN-8410-1)

The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8410-1 advisory. Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this...

9.2CVSS5.7AI score0.00848EPSS
Exploits1References2
debiancve
debiancve
added 2026/06/10 7:46 p.m.9 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits1
Rows per page
Query Builder