CVE-2021-21384

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21384

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21384.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21384

Aliases

GHSA-f2rp-38vg-j3gh

Related

GHSA-f2rp-38vg-j3gh

Published

2021-03-19T00:15:11Z

Modified

2025-01-15T01:47:29.967078Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

References

Affected packages

Git / github.com/ericcornelissen/shescape

Affected ranges

Type: GIT
Repo: https://github.com/ericcornelissen/shescape
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07a069a66423809cbedd61d980c11ca44a29ea2b

Fixed

07a069a66423809cbedd61d980c11ca44a29ea2b

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2