CVE-2023-40185
Published: 23 August 2023
Summary
CVE-2023-40185 is a medium-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Shescape Project Shescape. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks at the 25.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-2309
Vulnerability details
Shescape is a simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.