Lucene search
Shell-quote ProjectShell-quote*
2 matches found
CVE-2021-42740
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attac...
9.8CVSS9.5AI score0.03981EPSS
CVE-2016-10541
The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "
9.8CVSS9.6AI score0.0042EPSS