Lucene search
Veracode Vulnerability DatabaseVERACODE:36385HistoryJul 18, 2022 - 9:04 a.m.
Command Injection
2022-07-1809:04:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
shescape
command injection
vulnerability
unix
powershell
malicious characters
EPSS
0.003
Percentile
68.2%
shescape is vulnerable to command injection. White spaces are not escaped for the escape or escapeAll functions with the interpolation option set to true on Bash, Dash, and Zsh on Unix and Powershell on Windows systems, allowing an attacker to inject malicious characters.
References
github.com/advisories/GHSA-44vr-rwwj-p88h
github.com/ericcornelissen/shescape/pull/322
github.com/ericcornelissen/shescape/pull/324
github.com/ericcornelissen/shescape/pull/332
github.com/ericcornelissen/shescape/releases/tag/v1.5.7
github.com/ericcornelissen/shescape/releases/tag/v1.5.8
github.com/ericcornelissen/shescape/security/advisories/GHSA-44vr-rwwj-p88h
Related
prion
prion
Input validation
2022-08-01 20:15:00
cvelist
cvelist
CVE-2022-31180 Insufficient escaping of whitespace in shescape
2022-08-01 19:15:16
cve
cve
CVE-2022-31180
2022-08-01 20:15:08
osv
osv
Shescape vulnerable to insufficient escaping of whitespace
2022-07-15 21:46:08
CVE-2022-31180
2022-08-01 20:15:08
github
github
Shescape vulnerable to insufficient escaping of whitespace
2022-07-15 21:46:08
nvd
nvd
CVE-2022-31180
2022-08-01 20:15:08