What is CVE-2021-21384?

CVE-2021-21384 is a medium-severity vulnerability in Ericcornelissen Shescape, classified under Argument Injection. CVSS score: 6.3/10. Published 2021-03-18.

How severe is CVE-2021-21384?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Ericcornelissen Shescape

CVE-2021-21384

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into…

EPSS: 0.002 (37.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N.

Affected products

Ericcornelissen Shescape — versions < 1.1.3

Weakness classification (CWE)

CWE-88 — Argument Injection

References

github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh (x_refsource_CONFIRM)
github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29… (x_refsource_MISC)
github.com/ericcornelissen/shescape/releases/tag/v1.1.3 (x_refsource_MISC)
www.npmjs.com/package/shescape (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21384?: CVE-2021-21384 is a medium-severity vulnerability in Ericcornelissen Shescape, classified under Argument Injection. CVSS score: 6.3/10. Published 2021-03-18.
How severe is CVE-2021-21384?: Medium severity. CVSS v3 base score is 6.3 out of 10.