Cyber Resilience

CVE-2021-21384

Medium · Public PoC

Published: 19 March 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.3 (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N)
EPSS Score: 0.0016 (37.4th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-21384 is a medium-severity Argument Injection (CWE-88) vulnerability in Shescape Project Shescape. Its CVSS base score is 6.3 (Medium).

Operationally, it is ranked at the 37.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

shescape project
shescape
≤ 1.1.3

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References