4 matches found
Arbitrary Command Injection
Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
UBUNTU-CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...