shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
Metrics
Affected Vendors & Products
References
History
Mon, 30 Sep 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-23T20:20:45.807Z
Updated: 2024-09-30T19:14:01.973Z
Reserved: 2023-08-09T15:26:41.053Z
Link: CVE-2023-40185
Vulnrichment
Updated: 2024-08-02T18:24:55.947Z
NVD
Status : Modified
Published: 2023-08-23T21:15:09.063
Modified: 2024-11-21T08:18:57.420
Link: CVE-2023-40185
Redhat
No data.