The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LShescape Project Shescape
APPShescape Project1.5.101.6.0
Related vulnerabilities
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient es...
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to ...
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape s...
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in ...
Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability ...