Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-40185

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

Published

2023-08-23T21:15:09.063

Last Modified

2024-11-21T08:18:57.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-150

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	shescape_project	shescape	< 1.7.4	Yes
Operating System	microsoft	windows	-	No

References

https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63 Patch ([email protected])
https://github.com/ericcornelissen/shescape/pull/1142 Patch ([email protected])
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4 Release Notes ([email protected])
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549 Exploit, Patch, Vendor Advisory ([email protected])
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ericcornelissen/shescape/pull/1142 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)