{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T22:46:38.203","vulnerabilities":[{"cve":{"id":"CVE-2021-21384","sourceIdentifier":"security-advisories@github.com","published":"2021-03-19T00:15:11.793","lastModified":"2024-11-21T05:48:14.847","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required."},{"lang":"es","value":"shescape es un paquete de escape de shell simple para JavaScript. En shescape versiones anteriores a 1.1.3, cualquiera que use _Shescape_ para defenderse de la inyección de shell puede ser vulnerable frente a una inyección shell si el atacante logra insertar en la carga útil. Para visualizar un ejemplo, consulte el Aviso de Seguridad de GitHub al que se hace referencia. El problema ha sido solucionado en la versión 1.1.3. No son requeridos más cambios"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.1.3","matchCriteriaId":"C88DEA52-C298-4E68-AA29-00122DE84930"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*","matchCriteriaId":"6A90CB3A-9BE7-475C-9E75-6ECAD2106302"}]}]}],"references":[{"url":"https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/shescape","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.npmjs.com/package/shescape","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}