shescape@0.4.1 vulnerabilities
simple shell escape library
-
latest version
2.1.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
6 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the shescape package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Neutralization due to possible escaping the wrong shell, thus allowing attackers to bypass protections. Note: you are only vulnerable if you are using this package on Windows in a threaded context. How to fix Improper Neutralization? Upgrade |
<1.7.4
|
shescape is a simple shell escape library Affected versions of this package are vulnerable to Information Exposure such that an attacker may be able to get read-only access to environment variables. Note: This impact users of Shescape:
How to fix Information Exposure? Upgrade |
<1.7.1
|
shescape is a simple shell escape library Affected versions of this package are vulnerable to Remote Code Execution (RCE) on Windows, when processing How to fix Remote Code Execution (RCE)? Upgrade |
<1.5.8
|
shescape is a simple shell escape library Affected versions of this package are vulnerable to Arbitrary Code Execution. Module vulnerable against shell injection if the attacker manages to insert a How to fix Arbitrary Code Execution? Upgrade |
<1.1.3
|