Exposure of Sensitive Information Through Environmental Variables

CVE-2023-35931

Medium

4.3/10

Summary

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This issue affects versions prior to 1.7.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-526 - Exposure of Sensitive Information Through Environmental Variables

Environmental variables may contain sensitive information about a remote server.

References

Pull request
Release Note
Advisory

Advisory Timeline

Published Jun 23, 2023

Exposure of Sensitive Information Through Environmental Variables

CVE-2023-35931

Summary

CWE-526 - Exposure of Sensitive Information Through Environmental Variables

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS