shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| shescape(npm) | 0 | 1.1.3 | N/A |
CVSS Metrics
