GMS-2022-3205: Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character (' ‘) in the payload.
References
Detect and mitigate GMS-2022-3205 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →