Vulnerability Details : CVE-2023-40185
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
Products affected by CVE-2023-40185
- cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40185
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40185
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |
3.9
|
4.0
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L |
2.2
|
3.7
|
GitHub, Inc. |
CWE ids for CVE-2023-40185
-
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-40185
-
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63
Provide explicit `$PATH` value to which (#1142) · ericcornelissen/shescape@0b976da · GitHubPatch
-
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4
Release Release v1.7.4 · ericcornelissen/shescape · GitHubRelease Notes
-
https://github.com/ericcornelissen/shescape/pull/1142
Provide explicit `$PATH` value to which by ericcornelissen · Pull Request #1142 · ericcornelissen/shescape · GitHubPatch
-
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549
Windows escaping may be bypassed in threaded context · Advisory · ericcornelissen/shescape · GitHubExploit;Patch;Vendor Advisory
Jump to