Skip to main content

Shescape CVE-2026-30916

Information Exposure (CWE-200)
2026-03-10 security-advisories@github.com GHSA-6f6w-6j58-rq76

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 17:40 nvd
N/A

DescriptionCVE.org

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk that is a link to a link. The precise result of being affected depends on the actual shell used and incorrect shell identified by Shescape. This vulnerability is fixed in 2.1.9.

AnalysisAI

Shescape is a simple shell escape library for JavaScript. versions up to 2.1.9 is affected by information exposure.

Technical ContextAI

This vulnerability (CWE-200: Information Exposure) affects Shescape is a simple shell escape library for JavaScript.. Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk that is a link to a link. The precise result of being affected depends on the actual shell used and incorrect shell identified by Shescape. This vulnerability is fixed in 2.1.9.

Affected ProductsAI

Product: Shescape is a simple shell escape library for JavaScript.. Versions: up to 2.1.9.

RemediationAI

Fixed in version 2.1.9..

Share

CVE-2026-30916 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy