4 matches found
CVE-2023-35931
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
CVE-2023-35931
CVE-2023-35931 affects the JavaScript library shescape . The vulnerability exists in the shell-escape logic, specifically the interpolation path in the internal function (escapeArgForInterpolation) used when the interpolation option is enabled with Windows CMD, which can allow an attacker to read...
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1...
@adobe/git-server (>=1.0.1 <=1.0.5), @adobe/helix-cli (>=5.7.7 <=6.1.0) +21 more potentially affected by CVE-2023-35931 via shescape (>=1.6.1 <=1.6.6)
shescape NPM version =1.6.1, =1.0.1, =5.7.7, =2.16.1, =0.1.3, =0.0.7, =0.1.0, =2.3.2, =2.3.2, =2.3.2, =2.3.3 and more Source cves: CVE-2023-35931 Source advisory: OSV:GHSA-3G7P-8QHX-MC8R...