Lucene search
K

92 matches found

vulnersOsv
vulnersOsv
added 2026/06/09 2:27 p.m.7 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

9.2CVSS5.7AI score0.00848EPSS
Exploits1
EUVD
EUVD
added 2026/06/09 2:27 p.m.11 views

EUVD-2026-31440

shell-quote quote does not escape newlines in object .op values...

9.2CVSS5.4AI score0.00848EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/06/09 2:27 p.m.27 views

shell-quote quote() does not escape newlines in object .op values

Summary shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore...

9.2CVSS5.6AI score0.00848EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/06/09 8:38 a.m.8 views

USN-8410-1 node-shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/06/09 8:38 a.m.20 views

USN-8410-1: shell-quote vulnerability

Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this issue to cause shell-quote to crash, resulting in a denial of service, or execute arbitrary code...

9.2CVSS5.8AI score0.00848EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.16 views

openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/29 12:0 a.m.11 views

Security update for python-pytest-html (important)

openSUSE security update: security update for python-pytest-html ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20839-1 Rating: important References: bsc1266254 Cross-References: CVE-2026-9277 CVSS scores: CVE-2026-9277 SUSE : 8.1...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 12:20 p.m.10 views

OPENSUSE-SU-2026:20839-1 Security update for python-pytest-html

This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodules...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Debian dsa-6300 : node-shell-quote - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.24 views

SUSE CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

8.1CVSS5.9AI score0.00848EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/25 10:43 a.m.14 views

CVE-2026-9277

A flaw was found in the shell-quote component. The quote function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpre...

9.2CVSS6.2AI score0.00848EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/22 3:45 p.m.27 views

Arbitrary Command Injection

Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...

9.2CVSS6.1AI score0.00848EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/05/22 3:45 p.m.6 views

org.webjars.npm:github-com-wavesoft-local-echo (=0.2.0), org.webjars.npm:launch-editor (=2.2.1) +2 more potentially affected by CVE-2026-9277 via org.webjars.npm:shell-quote (=1.8.3)

org.webjars.npm:shell-quote MAVEN version =1.8.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:shell-quote and may be impacted: - org.webjars.npm:github-com-wavesoft-local-echo =0.2.0 - org.webjars.npm:launch-editor =2.2.1 -...

9.2CVSS5.4AI score0.00848EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/22 3:45 p.m.8 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

9.2CVSS5.7AI score0.00848EPSS
Exploits1
Snyk
Snyk
added 2026/05/22 3:45 p.m.13 views

Arbitrary Command Injection

Overview shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not properly validated...

9.2CVSS6AI score0.00848EPSS
Exploits1References2
NVD
NVD
added 2026/05/22 2:16 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS0.00848EPSS
Exploits1References25
OSV
OSV
added 2026/05/22 2:16 p.m.6 views

UBUNTU-CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2026/05/22 2:16 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/05/22 1:22 p.m.10 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1
Rows per page
Query Builder