Vulnerability	Vulnerable Version
M Improper Neutralization shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Neutralization due to possible escaping the wrong shell, thus allowing attackers to bypass protections. Note: you are only vulnerable if you are using this package on Windows in a threaded context. How to fix Improper Neutralization? Upgrade `shescape` to version 1.7.4 or higher.	<1.7.4
M Information Exposure shescape is a simple shell escape library Affected versions of this package are vulnerable to Information Exposure such that an attacker may be able to get read-only access to environment variables. Note: This impact users of Shescape: On Windows using the Windows Command Prompt (i.e. `cmd.exe`), and Using `quote`/`quoteAll` or `escape`/`escapeAll` with the `interpolation` option set to `true`. How to fix Information Exposure? Upgrade `shescape` to version 1.7.1 or higher.	<1.7.1
M Remote Code Execution (RCE) shescape is a simple shell escape library Affected versions of this package are vulnerable to Remote Code Execution (RCE) on Windows, when processing `cmd.exe` commands. An attacker can cause all arguments following their input to be ignored by including a line feed character (`'\n'`) in the input. How to fix Remote Code Execution (RCE)? Upgrade `shescape` to version 1.5.8 or higher.	<1.5.8

Go back to all versions of this package