Shescape Project Shescape 1.6.3 for Node.js

CPE Details

Shescape Project Shescape 1.6.3 for Node.js
shescape_project
shescape
1.6.3
2023-09-01
12h56 +00:00
2023-09-05
17h47 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:shescape_project:shescape:1.6.3:*:*:*:*:node.js:*:*

Informations

Vendor

shescape_project

Product

shescape

Version

1.6.3

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-40185 2023-08-23 20h20 +00:00 shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.
8.6
Haute
CVE-2023-35931 2023-06-23 19h32 +00:00 Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
4.3
Moyen