Shell Injection Vulnerability in shescape (<=1.1.2) Allows Attackers to Bypass Protection

Shell Injection Vulnerability in shescape (<=1.1.2) Allows Attackers to Bypass Protection

CVE-2021-21384 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

Learn more about our Web Application Penetration Testing UK.