Known Vulnerabilities for products from Shell-quote Project
Listed below are 3 of the newest known vulnerabilities associated with the vendor "Shell-quote Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-13311 json | shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which rea... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2021-42740 json | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharact... | 9.8 - CRITICAL | 2021-10-21 | 2021-10-28 |
| CVE-2016-10541 json | The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Ap... | 9.8 - CRITICAL | 2018-05-31 | 2023-01-31 |
Known software with vulnerabilities from Shell-quote Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Shell-quote Project | Shell-quote | 0.0.0 |