First published: Fri Jun 23 2023(Updated: )
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Shescape Project Shescape | <1.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-35931 is a vulnerability in the Shescape library for JavaScript that allows an attacker to gain read-only access to environment variables.
Shescape library versions up to and excluding 1.7.1 are affected by CVE-2023-35931.
CVE-2023-35931 has a severity rating of 4.3, which is medium.
To fix CVE-2023-35931, update your Shescape library to version 1.7.1 or later.
You can find more information about CVE-2023-35931 in the following references: [link1], [link2], [link3].