Exposure of Sensitive Information Through Environmental Variables
CVE-2023-35931
Summary
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This issue affects versions prior to 1.7.1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-526 - Exposure of Sensitive Information Through Environmental Variables
Environmental variables may contain sensitive information about a remote server.
References
Advisory Timeline
- Published