CVE-2023-40185 - Vulnerability Details - OpenCVE

ReportizFlow

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Shescape Project	Shescape

Configuration 1 [-]

AND

cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63
https://github.com/ericcornelissen/shescape/pull/1142
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549

History

Mon, 30 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-23T20:20:45.807Z

Updated: 2024-09-30T19:14:01.973Z

Reserved: 2023-08-09T15:26:41.053Z

Link: CVE-2023-40185

Vulnrichment

Updated: 2024-08-02T18:24:55.947Z

NVD

Status : Modified

Published: 2023-08-23T21:15:09.063

Modified: 2024-11-21T08:18:57.420

Link: CVE-2023-40185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40185", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-09T15:26:41.053Z", "datePublished": "2023-08-23T20:20:45.807Z", "dateUpdated": "2024-09-30T19:14:01.973Z"}, "containers": {"cna": {"title": "Shescape on Windows escaping may be bypassed in threaded context", "problemTypes": [{"descriptions": [{"cweId": "CWE-150", "lang": "en", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}, {"name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}], "affected": [{"vendor": "ericcornelissen", "product": "shescape", "versions": [{"version": "< 1.7.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-23T20:20:45.807Z"}, "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "source": {"advisory": "GHSA-j55r-787p-m549", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.947Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}, {"name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-30T19:09:19.179504Z", "id": "CVE-2023-40185", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T19:14:01.973Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/ericcornelissen/shescape/pull/1142", "name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:55.947Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-40185", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-30T19:09:19.179504Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-30T19:13:57.576Z"}}], "cna": {"title": "Shescape on Windows escaping may be bypassed in threaded context", "source": {"advisory": "GHSA-j55r-787p-m549", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "ericcornelissen", "product": "shescape", "versions": [{"status": "affected", "version": "< 1.7.4"}]}], "references": [{"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "name": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/ericcornelissen/shescape/pull/1142", "name": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "name": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "name": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-150", "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-23T20:20:45.807Z"}}}, "cveMetadata": {"cveId": "CVE-2023-40185", "state": "PUBLISHED", "dateUpdated": "2024-09-30T19:14:01.973Z", "dateReserved": "2023-08-09T15:26:41.053Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-08-23T20:20:45.807Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "68A1452B-CAE3-44C6-A01D-F9E73A62DAB8", "versionEndExcluding": "1.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "id": "CVE-2023-40185", "lastModified": "2024-11-21T08:18:57.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.7, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-08-23T21:15:09.063", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}, {"source": "[email protected]", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ericcornelissen/shescape/pull/1142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-150"}], "source": "[email protected]", "type": "Secondary"}]}