Vulnerability Description
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shescape Project | Shescape | < 1.7.4 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6ePatch
- https://github.com/ericcornelissen/shescape/pull/1142Patch
- https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4Release Notes
- https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-mExploitPatchVendor Advisory
- https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6ePatch
- https://github.com/ericcornelissen/shescape/pull/1142Patch
- https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4Release Notes
- https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-mExploitPatchVendor Advisory
FAQ
What is CVE-2023-40185?
CVE-2023-40185 is a vulnerability with a CVSS score of 6.5 (MEDIUM). shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the...
How severe is CVE-2023-40185?
CVE-2023-40185 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-40185?
Check the references section above for vendor advisories and patch information. Affected products include: Shescape Project Shescape, Microsoft Windows.