Shescape@1.4.0 Security Vulnerabilities and Issues — Shescape@1.4.0 CVE List

Lucene search

Shescape ProjectShescape1.4.0

2 matches found

CVE•added 2022/03/03 10:15 p.m.•113 views

CVE-2022-24725

Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the escape or escapeAll functions from the shescape API with the interpolation option set to true. Other tested shells, Dash and Zsh,...

6.2CVSS5.5AI score0.00296EPSS

CVE•added 2022/08/01 8:15 p.m.•77 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if an...

9.8CVSS9.8AI score0.01025EPSS