The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2022-10-27T05:05:09.944271Z
Updated: 2024-09-16T20:06:21.519Z
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25918
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-27T10:15:10.637
Modified: 2024-11-21T06:53:12.840
Link: CVE-2022-25918
Redhat
No data.