{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110344?format=json","vulnerability_id":"VCID-px7h-1hh9-wuhs","summary":"Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD\n### Impact\n\nThis impacts users that use Shescape (any API function) to escape arguments for **cmd.exe** on **Windows**. An attacker can omit all arguments following their input by including a line feed character (`'\\n'`) in the payload. Example:\n\n```javascript\nimport cp from \"node:child_process\";\nimport * as shescape from \"shescape\";\n\n// 1. Prerequisites\nconst options = {\n  shell: \"cmd.exe\",\n};\n\n// 2. Attack\nconst payload = \"attacker\\n\";\n\n// 3. Usage\nlet escapedPayload;\nescapedPayload = shescape.escape(payload, options);\n// Or\nescapedPayload = shescape.escapeAll([payload], options)[0];\n// Or\nescapedPayload = shescape.quote(payload, options);\n// Or\nescapedPayload = shescape.quoteAll([payload], options)[0];\n\ncp.execSync(`echo Hello ${escapedPayload}! How are you doing?`, options);\n// Outputs:  \"Hello attacker\"\n```\n\n> **Note**: `execSync` is just illustrative here, all of `exec`, `execFile`, `execFileSync`, `fork`, `spawn`, and `spawnSync` can be attacked using a line feed character if CMD is the shell being used.\n\n### Patches\n\nThis bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required.\n\n### Workarounds\n\nAlternatively, line feed characters (`'\\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).\n\n### References\n\n- https://github.com/ericcornelissen/shescape/pull/332\n- https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Comment on https://github.com/ericcornelissen/shescape/pull/332\n- Open an issue at https://github.com/ericcornelissen/shescape/issues (_New issue_ > _Question_ > _Get started_)\n\n[v1.5.8]: https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8","aliases":[{"alias":"CVE-2022-31179"},{"alias":"GHSA-jjc5-fp7p-6f8w"},{"alias":"GMS-2022-3205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/148976?format=json","purl":"pkg:npm/shescape@1.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.8"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/295432?format=json","purl":"pkg:npm/shescape@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295433?format=json","purl":"pkg:npm/shescape@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295434?format=json","purl":"pkg:npm/shescape@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/295435?format=json","purl":"pkg:npm/shescape@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295436?format=json","purl":"pkg:npm/shescape@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/295437?format=json","purl":"pkg:npm/shescape@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295438?format=json","purl":"pkg:npm/shescape@0.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@0.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/295439?format=json","purl":"pkg:npm/shescape@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295440?format=json","purl":"pkg:npm/shescape@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/295441?format=json","purl":"pkg:npm/shescape@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/295442?format=json","purl":"pkg:npm/shescape@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-afhu-wkta-q3et"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/80026?format=json","purl":"pkg:npm/shescape@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/600997?format=json","purl":"pkg:npm/shescape@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/600998?format=json","purl":"pkg:npm/shescape@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/600999?format=json","purl":"pkg:npm/shescape@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/601000?format=json","purl":"pkg:npm/shescape@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/601001?format=json","purl":"pkg:npm/shescape@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/601002?format=json","purl":"pkg:npm/shescape@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/60847?format=json","purl":"pkg:npm/shescape@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-swqs-h2mw-9bc7"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/559184?format=json","purl":"pkg:npm/shescape@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-swqs-h2mw-9bc7"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/60848?format=json","purl":"pkg:npm/shescape@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/601003?format=json","purl":"pkg:npm/shescape@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/601004?format=json","purl":"pkg:npm/shescape@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/601005?format=json","purl":"pkg:npm/shescape@1.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/601006?format=json","purl":"pkg:npm/shescape@1.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/601007?format=json","purl":"pkg:npm/shescape@1.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/601008?format=json","purl":"pkg:npm/shescape@1.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7x9z-rjk1-j7d2"},{"vulnerability":"VCID-8tmm-r9hx-t7gh"},{"vulnerability":"VCID-cy6p-xc3p-wbe1"},{"vulnerability":"VCID-emqt-chqk-wug3"},{"vulnerability":"VCID-px7h-1hh9-wuhs"},{"vulnerability":"VCID-wpfp-cjd5-87g2"},{"vulnerability":"VCID-xw8t-7zmd-gqds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/shescape@1.5.7"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31179","reference_id":"","reference_type":"","scores":[{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70608","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70578","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.7059","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70598","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00625","scoring_system":"epss","scoring_elements":"0.70556","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31179"},{"reference_url":"https://github.com/ericcornelissen/shescape","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ericcornelissen/shescape"},{"reference_url":"https://github.com/ericcornelissen/shescape/commit/aceea7358f7222984e21260381ebc5ec4543b76f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ericcornelissen/shescape/commit/aceea7358f7222984e21260381ebc5ec4543b76f"},{"reference_url":"https://github.com/ericcornelissen/shescape/pull/332","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:15Z/"}],"url":"https://github.com/ericcornelissen/shescape/pull/332"},{"reference_url":"https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:15Z/"}],"url":"https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"},{"reference_url":"https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:45:15Z/"}],"url":"https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31179","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31179"},{"reference_url":"https://github.com/advisories/GHSA-jjc5-fp7p-6f8w","reference_id":"GHSA-jjc5-fp7p-6f8w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jjc5-fp7p-6f8w"}],"weaknesses":[{"cwe_id":74,"name":"Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","description":"The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-px7h-1hh9-wuhs"}