CVE-2021-21384 Information
Jun 07, 2022
cve
Description
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable to shell injection if the attacker manages to insert a into the payload. For an example, see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3
https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh
https://www.npmjs.com/package/shescape
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Base Severity
HIGH