CVE-2021-21384: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
(updated )
shescape is a simple shell escape package for JavaScript. In shescape, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched No further changes are required.
References
Detect and mitigate CVE-2021-21384 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →