Ericcornelissen Shescape
9 CVEs affecting Ericcornelissen Shescape. Latest disclosed: 2026-03-11. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-31180 | Critical | 9.8 | 2022-08-01 | Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output… |
CVE-2022-31179 | High | 8.1 | 2022-08-01 | Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users tha… |
CVE-2023-40185 | Medium | 6.5 | 2023-08-23 | shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result… |
CVE-2021-21384 | Medium | 6.3 | 2021-03-18 | shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still… |
CVE-2022-24725 | Medium | 6.2 | 2022-03-03 | Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bas… |
CVE-2022-36064 | Medium | 5.9 | 2022-09-06 | Shescape is a shell escape package for JavaScript. An Inefficient Regular Expression Complexity vulnerability impacts users that use Shescape to escape argumen… |
CVE-2023-35931 | Low | 3.1 | 2023-06-23 | Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched i… |
CVE-2026-32094 | | 2026-03-11 | Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, a… | |
CVE-2025-30222 | | 2025-03-25 | Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows wit… |