2.1.1
4 years ago
7 months ago
Known vulnerabilities in the shescape package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Neutralization due to possible escaping the wrong shell, thus allowing attackers to bypass protections. Note: you are only vulnerable if you are using this package on Windows in a threaded context. How to fix Improper Neutralization? Upgrade | <1.7.4 |
shescape is a simple shell escape library Affected versions of this package are vulnerable to Information Exposure such that an attacker may be able to get read-only access to environment variables. Note: This impact users of Shescape:
How to fix Information Exposure? Upgrade | <1.7.1 |
shescape is a simple shell escape library Affected versions of this package are vulnerable to Arbitrary Command Execution for systems using the NOTE: How to fix Arbitrary Command Execution? Upgrade | >=1.4.0 <1.5.8 |
shescape is a simple shell escape library Affected versions of this package are vulnerable to Remote Code Execution (RCE) on Windows, when processing How to fix Remote Code Execution (RCE)? Upgrade | <1.5.8 |
shescape is a simple shell escape library Affected versions of this package are vulnerable to Information Exposure due to possible exposure of the home directory. How to fix Information Exposure? Upgrade | >=1.4.0 <1.5.1 |