CVE-2023-40185

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63	Patch
https://github.com/ericcornelissen/shescape/pull/1142	Patch
https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4	Release Notes
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549	Exploit Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-23 21:15

Updated : 2023-09-01 18:02

NVD link : CVE-2023-40185

Mitre link : CVE-2023-40185

CVE.ORG link : CVE-2023-40185

JSON object : View

Products Affected

microsoft

windows

shescape_project

shescape

CWE

CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences

{"id": "CVE-2023-40185", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.2}]}, "published": "2023-08-23T21:15:09.063", "references": [{"url": "https://github.com/ericcornelissen/shescape/commit/0b976dab645abf45ffd85e74a8c6e51ee2f42d63", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/pull/1142", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.7.4", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-j55r-787p-m549", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-150"}]}], "descriptions": [{"lang": "en", "value": "shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4."}], "lastModified": "2023-09-01T18:02:45.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "68A1452B-CAE3-44C6-A01D-F9E73A62DAB8", "versionEndExcluding": "1.7.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-advisories@github.com"}