Vulnerabilities > CVE-2021-21384 - Unspecified vulnerability in Shescape Project Shescape

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

shescape-project

NVD

Published: 2021-03-19

Updated: 2024-11-21

Summary

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

Vulnerable Configurations

Part	Description	Count
Application	Shescape_Project Shescape Project Shescape 0.1.0 Shescape Project Shescape 0.2.0 Shescape Project Shescape 0.2.1 Shescape Project Shescape 0.3.0 Shescape Project Shescape 0.3.1 Shescape Project Shescape 0.4.0 Shescape Project Shescape 0.4.1 Shescape Project Shescape 1.0.0 Shescape Project Shescape 1.1.0 Shescape Project Shescape 1.1.1 Shescape Project Shescape 1.1.2	11
OS	Microsoft Microsoft Windows -	1
OS	Opengroup Opengroup Unix -	1

Summary

Vulnerable Configurations

References