Home > Vulnerability Database > CVE-2022-25918

Mend.io Vulnerability Database

CVE-2022-25918

Good to know:

Date: October 27, 2022

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.

Language: JS

Severity Score

7.5

Related Resources (6)

Url: https://github.com/advisories/GHSA-cr84-xvw4-qx3c

Url: https://github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25918

Url: https://github.com/ericcornelissen/shescape/releases/tag/v1.6.1

Url: https://github.com/ericcornelissen/shescape/blob/main/src/unix.js%23L52

Url: https://www.mend.io/vulnerability-database/CVE-2022-25918

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version shescape - 1.6.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25918

Good to know:

Date: October 27, 2022

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?