Shescape Security Vulnerabilities and Issues — Shescape CVE List

Lucene search

Shescape ProjectShescape

3 matches found

CVE•added 2022/10/27 10:15 a.m.•85 views

CVE-2022-25918

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.

7.5CVSS6.2AI score0.00268EPSS

CVE•added 2021/03/19 12:15 a.m.•58 views

CVE-2021-21384

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security...

7.8CVSS6.8AI score0.00165EPSS

CVE•added 2022/09/06 9:15 p.m.•45 views

CVE-2022-36064

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape arguments for the Unix shells Bash and Dash, or any not-officially-supported Unix shell; and/or using the escape or escapeAll functions with the in...

7.5CVSS6.5AI score0.00502EPSS