CPE-BB26F4F8-D349-4E93-B670-6AE0401BDD28 Détail

CPE Details

Shescape Project Shescape 0.3.0 for Node.js

Vendor

shescape_project

Product

shescape

Version

0.3.0

Created

2022-09-09
11h20 +00:00

Modifié

2022-09-09
11h34 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:shescape_project:shescape:0.3.0:::::node.js::

Informations

Vendor

shescape_project

Product

shescape

Version

0.3.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2023-40185	2023-08-23 20h20 +00:00	shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.	8.6	Haute
CVE-2023-35931	2023-06-23 19h32 +00:00	Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.	4.3	Moyen
CVE-2022-31179	2022-08-01 17h20 +00:00	Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).	9.8	Critique
CVE-2021-21384	2021-03-18 22h50 +00:00	shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.	7.8	Haute

Shescape Project Shescape 0.3.0 for Node.js

CPE Details

CPE Name: cpe:2.3:a:shescape_project:shescape:0.3.0:*:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:shescape_project:shescape:0.3.0:::::node.js::