EPSS
Percentile
34.7%
shescape is vulnerable to OS command injection. The function escapeShellArg does not strip null characters from user-provided input, causing errors and potentially execute arbitrary commands.
escapeShellArg
github.com/advisories/GHSA-f2rp-38vg-j3gh
github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b
github.com/ericcornelissen/shescape/releases/tag/v1.1.3
github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh
www.npmjs.com/package/shescape