Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:40990
HistoryJun 23, 2023 - 5:31 a.m.

Information Disclosure

2023-06-2305:31:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
shescape
information disclosure
escapeargforinterpolation function
cmd.js
sensitive environment variables

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON

shescape is vulnerable to Information Disclosure. The vulnerability exists in the escapeArgForInterpolation function at cmd.js because the command string is not properly sanitized which allows an attacker to gain access to potentially sensitive environment variables.

Related

osv 2
nvd 1
cvelist 1
cve 1
prion 1
github 1
osv
osv
Shescape potential environment variable exposure on Windows with CMD
2023-06-22 20:01:39
CVE-2023-35931
2023-06-23 20:15:09
nvd
nvd
CVE-2023-35931
2023-06-23 20:15:09
cvelist
cvelist
CVE-2023-35931 Shescape potential environment variable exposure on Windows with CMD
2023-06-23 19:32:53
cve
cve
CVE-2023-35931
2023-06-23 20:15:09
prion
prion
Code injection
2023-06-23 20:15:00
github
github
Shescape potential environment variable exposure on Windows with CMD
2023-06-22 20:01:39

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

30.2%

JSON
Related for VERACODE:40990
osv2nvd1cvelist1cve1prion1github1