Shescape CVE-2026-30916
Lifecycle Timeline
3DescriptionCVE.org
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk that is a link to a link. The precise result of being affected depends on the actual shell used and incorrect shell identified by Shescape. This vulnerability is fixed in 2.1.9.
AnalysisAI
Shescape is a simple shell escape library for JavaScript. versions up to 2.1.9 is affected by information exposure.
Technical ContextAI
This vulnerability (CWE-200: Information Exposure) affects Shescape is a simple shell escape library for JavaScript.. Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk that is a link to a link. The precise result of being affected depends on the actual shell used and incorrect shell identified by Shescape. This vulnerability is fixed in 2.1.9.
Affected ProductsAI
Product: Shescape is a simple shell escape library for JavaScript.. Versions: up to 2.1.9.
RemediationAI
Fixed in version 2.1.9..
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-6f6w-6j58-rq76