Medium severity5.3NVD Advisory· Published Oct 27, 2022· Updated Jun 17, 2026
CVE-2022-25918
CVE-2022-25918
Description
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
shescapenpm | >= 1.5.10, < 1.6.1 | 1.6.1 |
Affected products
2- shescape/shescapedescription
Patches
Vulnerability mechanics
References
7- github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9nvdPatchThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JS-SHESCAPE-3061108nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-cr84-xvw4-qx3cghsaADVISORY
- github.com/ericcornelissen/shescape/releases/tag/v1.6.1nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-25918ghsaADVISORY
- github.com/ericcornelissen/shescape/blob/main/src/unix.js%23L52nvdBroken LinkWEB
- github.com/ericcornelissen/shescape/security/advisories/GHSA-cr84-xvw4-qx3cghsaWEB
News mentions
0No linked articles in our index yet.