shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-23T20:20:45.807Z
Updated: 2024-08-02T18:24:55.947Z
Reserved: 2023-08-09T15:26:41.053Z
Link: CVE-2023-40185
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-08-23T21:15:09.063
Modified: 2023-09-01T18:02:45.407
Link: CVE-2023-40185
Redhat
No data.