shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
References
Link | Resource |
---|---|
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63 | Patch |
https://github.com/ericcornelissen/shescape/pull/1142 | Patch |
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4 | Release Notes |
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549 | Exploit Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-23T20:20:45.807Z
Updated: 2023-08-23T20:20:45.807Z
Reserved: 2023-08-09T15:26:41.053Z
Link: CVE-2023-40185
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-23T21:15:09.063
Modified: 2023-09-01T18:02:45.407
Link: CVE-2023-40185
JSON object: View
Redhat Information
No data.
CWE