CVE-2023-40185

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40185
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40185.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40185
Aliases
Related
Published
2023-08-23T21:15:09Z
Modified
2025-01-15T04:57:17.463638Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

References

Affected packages

Git / github.com/ericcornelissen/shescape

Affected ranges

Type
GIT
Repo
https://github.com/ericcornelissen/shescape
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.5.0
v1.5.1
v1.5.10
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.9
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.7.0
v1.7.1
v1.7.2
v1.7.3