| Release | Version |
|---|---|
| bookworm | 1.7.4+~1.7.1-1 |
| bookworm (security) | 1.7.4+~1.7.1-1+deb12u1 |
| trixie | 1.7.4+~1.7.1-1 |
| trixie (security) | 1.7.4+~1.7.1-1+deb13u1 |
| forky | 1.8.4+~1.7.5-1 |
| sid | 1.8.4+~1.7.5-1 |
| Bug | Description |
|---|---|
| CVE-2026-9277 | shell-quote's `quote()` function did not validate object-token inputs ... |
| CVE-2021-42740 | The shell-quote package before 1.7.3 for Node.js allows command inject ... |
| CVE-2016-10541 | The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ... |
| DSA / DLA | Description |
|---|---|
| DSA-6300-1 | node-shell-quote - security update |