Cyber Resilience

CVE-2023-40185

Medium · Public PoC

Published: 23 August 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
EPSS Score: 0.0009 (25.8th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-40185 is a medium-severity Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150) vulnerability in Shescape Project Shescape. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks at the 25.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

shescape is a simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

shescape project · shescape · ≤ 1.7.4

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References