CVE-2016-10541

The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape "" and "" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection...

CVE-2016-10541

CVE-2016-10541 – shell-quote (npm) : The npm module shell-quote, version 1.6.0 and earlier, cannot correctly escape ">" and ", ;, {, } contribute to successful injection, underscoring the need for prompt update and reevaluation of input handling. Monitor for updates and apply the fixed release...

PT-2018-4720 · Npm · Shell-Quote

Name of the Vulnerable Software and Affected Versions: shell-quote versions 1.6.0 and earlier Description: The issue affects the npm module "shell-quote" and allows for code injection due to incorrect escaping of certain characters, including , , ;, , and . This can lead to command injection if t...

Potential Command Injection

Overview Affected versions of shell-quote do not properly escape command line arguments, which may result in command injection if the library is used to escape user input destined for use as command line arguments. Proof of Concept: The following characters are not escaped properly: ,;,, Bash has...

CVE-2014-1927

The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...

PYSEC-2014-90

The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...