CVE-2023-40185 - OpenCVE

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Shescape Project	Shescape

Configuration 1 [-]

AND

cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63
https://github.com/ericcornelissen/shescape/pull/1142
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-23T20:20:45.807Z

Updated: 2024-08-02T18:24:55.947Z

Reserved: 2023-08-09T15:26:41.053Z

Link: CVE-2023-40185

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-23T21:15:09.063

Modified: 2023-09-01T18:02:45.407

Link: CVE-2023-40185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40185", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-09T15:26:41.053Z", "datePublished": "2023-08-23T20:20:45.807Z", "dateUpdated": "2024-08-02T18:24:55.947Z"}, "containers": {"cna": {"title": "Shescape on Windows escaping may be bypassed in threaded context", "problemTypes": [{"descriptions": [{"cweId": "CWE-150", "lang": "en", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}, {"name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}], "affected": [{"vendor": "ericcornelissen", "product": "shescape", "versions": [{"version": "< 1.7.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-23T20:20:45.807Z"}, "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "source": {"advisory": "GHSA-j55r-787p-m549", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.947Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}, {"name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "68A1452B-CAE3-44C6-A01D-F9E73A62DAB8", "versionEndExcluding": "1.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "id": "CVE-2023-40185", "lastModified": "2023-09-01T18:02:45.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-08-23T21:15:09.063", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-150"}], "source": "security-advisories@github.com", "type": "Primary"}]}