=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN551
_____________________________________________________________________

DATE                : 21/10/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running shell-quote for Node.js versions
                                    prior to 1.7.3.

=====================================================================
https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42740
_____________________________________________________________________

1.7.3

    Fix a security issue where the regex for windows drive letters
allowed some shell meta-characters to escape the quoting rules.
(CVE-2021-42740)


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================