Vulnerability Description
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
CVSS Score
3.1
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shescape Project | Shescape | < 1.7.1 |
Related Weaknesses (CWE)
References
- https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47Patch
- https://github.com/ericcornelissen/shescape/pull/982Patch
- https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1Release Notes
- https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mExploitVendor Advisory
- https://github.com/ericcornelissen/shescape/commit/d0fce70f987ac0d8331f93cb45d47Patch
- https://github.com/ericcornelissen/shescape/pull/982Patch
- https://github.com/ericcornelissen/shescape/releases/tag/v1.7.1Release Notes
- https://github.com/ericcornelissen/shescape/security/advisories/GHSA-3g7p-8qhx-mExploitVendor Advisory
FAQ
What is CVE-2023-35931?
CVE-2023-35931 is a vulnerability with a CVSS score of 3.1 (LOW). Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
How severe is CVE-2023-35931?
CVE-2023-35931 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35931?
Check the references section above for vendor advisories and patch information. Affected products include: Shescape Project Shescape.