CVE Catalog
CVE-2023-35931
LowCVSS 3.1Exploitation Probability (EPSS)
Low risk0.65%
46th percentile — higher than 46% of all known CVEs
Summary
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
Risk Assessment
Access to environment variables may lead to the disclosure of sensitive information, posing a security risk to the application.
Recommendation
It is recommended to update the Shescape library to version 1.7.1 or later to mitigate this vulnerability.
Original NVD description (English source)
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

