CVE-2021-21384: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

March 19, 2021 (updated April 22, 2021)

shescape is a simple shell escape package for JavaScript. In shescape, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched No further changes are required.

References

nvd.nist.gov/vuln/detail/CVE-2021-21384

Code Behaviors & Features

Detect and mitigate CVE-2021-21384 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →