LOW🇵🇱 Wersja polska

CVE-2023-35931

CVSS 3.1v3.1pub. 2023-06-23upd. 2024-11-21

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Shescape Project Shescape

    APP
    Shescape Project
    < 1.7.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-31180CRITICAL9.8ten sam produkt

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient es...

CVE-2022-31179HIGH8.1ten sam produkt

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to ...

CVE-2026-32094MEDIUM6.9ten sam produkt

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape s...

CVE-2023-40185MEDIUM6.5ten sam produkt

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in ...

CVE-2022-25918MEDIUM5.3ten sam produkt

The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDo...