CVE-2022-25918

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25918

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25918.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25918

Aliases

GHSA-cr84-xvw4-qx3c

Published

2022-10-27T10:15:10.637Z

Modified

2026-03-15T14:46:57.078024Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.

References

Affected packages

Git / github.com/ericcornelissen/shescape

Affected ranges

Type

GIT

Repo

https://github.com/ericcornelissen/shescape

Events

Introduced

Last affected

656ecbc798cb21ab95449d3fb4838a36dd09b6d8

Introduced

Last affected

e1915f53479d99b953059d131cbca561ae77948d

Fixed

552e8eab56861720b1d4e5474fb65741643358f9

Fixed

dbc5c9d1b3325d45a5f060ff0cd4b3ff761cbbbc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.5.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.5.0

v1.5.1

v1.5.10

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25918.json"