MEDIUM🇵🇱 Wersja polska

CVE-2022-25918

CVSS 5.3v3.1pub. 2022-10-27upd. 2025-05-05

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Shescape Project Shescape

    APP
    Shescape Project
    1.5.101.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2022-31180CRITICAL9.8ten sam produkt

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient es...

CVE-2022-31179HIGH8.1ten sam produkt

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to ...

CVE-2026-32094MEDIUM6.9ten sam produkt

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape s...

CVE-2023-40185MEDIUM6.5ten sam produkt

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in ...

CVE-2022-36064MEDIUM5.9ten sam produkt

Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability ...