MEDIUM🇬🇧 English

CVE-2022-25918

CVSS 5.3v3.1pub. 2022-10-27upd. 2025-05-05

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Shescape Project Shescape

    APP
    Shescape Project
    1.5.101.6.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2022-31180CRITICAL9.8ten sam produkt

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient es...

CVE-2022-31179HIGH8.1ten sam produkt

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to ...

CVE-2026-32094MEDIUM6.9ten sam produkt

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape s...

CVE-2023-40185MEDIUM6.5ten sam produkt

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in ...

CVE-2022-36064MEDIUM5.9ten sam produkt

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability ...