Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NShescape Project Shescape
APPShescape Project< 1.7.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2022-31180CRITICAL9.8ten sam produkt
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient es...
CVE-2022-31179HIGH8.1ten sam produkt
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to ...
CVE-2026-32094MEDIUM6.9ten sam produkt
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape s...
CVE-2023-40185MEDIUM6.5ten sam produkt
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in ...
CVE-2022-25918MEDIUM5.3ten sam produkt
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDo...