GHSA-JJC5-FP7P-6F8W Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
Impact This impacts users that use Shescape any API function to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character '\n' in the payload. Example: javascript import cp from "node:childprocess"; import as shescape from...