Vendor
shell-quote
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- shell-quote2 CVEsnpm
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-9277 | Hig | 0.46 | 8.1 | 0.01 | May 22, 2026 | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line… | ||
| CVE-2026-13311 | mod | 0.42 | 6.5 | 0.00 | Jun 25, 2026 | shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing |
- risk 0.46cvss 8.1epss 0.01
shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line…
- risk 0.42cvss 6.5epss 0.00
shell-quote: shell-quote/parse: shell-quote: Denial of Service due to inefficient input parsing