CVE Catalog

CVE-2023-35931

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.65%

46th percentile — higher than 46% of all known CVEs

Summary

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

Risk Assessment

Access to environment variables may lead to the disclosure of sensitive information, posing a security risk to the application.

Recommendation

It is recommended to update the Shescape library to version 1.7.1 or later to mitigate this vulnerability.

Original NVD description (English source)

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS