Vulnerability	Vulnerable Version
M Improper Neutralization shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Neutralization due to possible escaping the wrong shell, thus allowing attackers to bypass protections. Note: you are only vulnerable if you are using this package on Windows in a threaded context. How to fix Improper Neutralization? Upgrade `shescape` to version 1.7.4 or higher.	<1.7.4
M Information Exposure shescape is a simple shell escape library Affected versions of this package are vulnerable to Information Exposure such that an attacker may be able to get read-only access to environment variables. Note: This impact users of Shescape: On Windows using the Windows Command Prompt (i.e. `cmd.exe`), and Using `quote`/`quoteAll` or `escape`/`escapeAll` with the `interpolation` option set to `true`. How to fix Information Exposure? Upgrade `shescape` to version 1.7.1 or higher.	<1.7.1
M Regular Expression Denial of Service (ReDoS) shescape is a simple shell escape library Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `escape()` and `escapeAll()` functions. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `shescape` to version 1.5.10 or higher.	>=1.5.1 <1.5.10

Go back to all versions of this package