What is CVE-2022-31180?

CVE-2022-31180 is a critical-severity vulnerability in Ericcornelissen Shescape, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.8/10. Published 2022-08-01.

How severe is CVE-2022-31180?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Ericcornelissen Shescape

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions wit…

EPSS: 0.011 (78.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ericcornelissen Shescape — versions >=1.4.0 < 1.5.8

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

github.com/ericcornelissen/shescape/security/advisories/GHSA-44vr-rwwj-p88h (x_refsource_CONFIRM)
github.com/ericcornelissen/shescape/pull/322 (x_refsource_MISC)
github.com/ericcornelissen/shescape/pull/324 (x_refsource_MISC)
github.com/ericcornelissen/shescape/releases/tag/v1.5.7 (x_refsource_MISC)
github.com/ericcornelissen/shescape/releases/tag/v1.5.8 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31180?: CVE-2022-31180 is a critical-severity vulnerability in Ericcornelissen Shescape, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.8/10. Published 2022-08-01.
How severe is CVE-2022-31180?: Critical severity. CVSS v3 base score is 9.8 out of 10.