← Retour au dashboard
high
trivy
detected
shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators
spham/scruteur
Description
Package: shell-quote Installed Version: 1.8.3 Vulnerability CVE-2026-9277 Severity: CRITICAL Fixed Version: 1.8.4 Link: [CVE-2026-9277](https://avd.aquasec.com/nvd/cve-2026-9277)
- Regle
- CVE-2026-9277
- Fichier
- package-lock.json:1332
- Paquet
- shell-quote
- CVE
- CVE-2026-9277
- Advisory
- lien
- Premiere detection
- 2026-06-17 12:26
- Derniere detection
- 2026-06-17 12:26
- Pipeline
- lien
JSON brut
{
"level": "error",
"ruleId": "CVE-2026-9277",
"message": {
"text": "Package: shell-quote\nInstalled Version: 1.8.3\nVulnerability CVE-2026-9277\nSeverity: CRITICAL\nFixed Version: 1.8.4\nLink: [CVE-2026-9277](https://avd.aquasec.com/nvd/cve-2026-9277)"
},
"locations": [
{
"message": {
"text": "package-lock.json: shell-quote@1.8.3"
},
"physicalLocation": {
"region": {
"endLine": 1343,
"endColumn": 1,
"startLine": 1332,
"startColumn": 1
},
"artifactLocation": {
"uri": "package-lock.json",
"uriBaseId": "ROOTPATH"
}
}
}
],
"ruleIndex": 0
}