Описание
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Product
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.3 (исключая)
Одновременно
cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*
Одно из
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
6.3 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-88
Связанные уязвимости
EPSS
Процентиль: 38%
0.00165
Низкий
6.3 Medium
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-88