Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-1297

Malicious code in bioql PyPI...

6.2CVSS6AI score0.00492EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.8 views

CVE-2022-24725

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...

6.2CVSS6.7AI score0.00492EPSS
Exploits1References1
Prion
Prion
added 2022/10/27 10:15 a.m.17 views

Code injection

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

5CVSS7.5AI score0.01246EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/27 5:5 a.m.5 views

CVE-2022-25918 Regular Expression Denial of Service (ReDoS)

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service ReDoS via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function...

5.3CVSS7.5AI score0.01246EPSS
Exploits1References4
Prion
Prion
added 2022/08/01 8:15 p.m.22 views

Code injection

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by...

7.5CVSS9.7AI score0.01079EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/08/01 7:15 p.m.3 views

CVE-2022-31180 Insufficient escaping of whitespace in shescape

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8CVSS9.9AI score0.0151EPSS
Exploits1References5
CNVD
CNVD
added 2022/03/04 12:0 a.m.16 views

shescape Information Disclosure Vulnerability

shescape is an open source package of simple shell escaping programs for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. shescape versions 1.4.0 through 1.5.1 are vulnerable to an information disclosure vulnerability that stems from using the escap...

6.2CVSS0.8AI score0.00492EPSS
Exploits1References1
Prion
Prion
added 2022/03/03 10:15 p.m.16 views

Directory traversal

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zs...

1.9CVSS5.4AI score0.00492EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder