shescape is vulnerable to regular expression denial of service. The vulnerability exists in escapeArgBash
function in unix.js
due to insufficient regular expression complexity in bash escaping which allows an attacker to cause polynomial backtracking or quadratic runtime resulting an application crash.
github.com/ericcornelissen/shescape/commit/6f72afae9c7dc00ae495c962959e2ffb82747167
github.com/ericcornelissen/shescape/commit/b561763d9247559bd55a858b00690363cc2ed4bd
github.com/ericcornelissen/shescape/pull/373
github.com/ericcornelissen/shescape/releases/tag/v1.5.10
github.com/ericcornelissen/shescape/security/advisories/GHSA-gp75-h7j6-5pv3