Skip to main content

Exposure of Sensitive Information Through Environmental Variables

CVE-2023-35931

Severity Medium
Score 4.3/10

Summary

Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This issue affects versions prior to 1.7.1.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-526 - Exposure of Sensitive Information Through Environmental Variables

Environmental variables may contain sensitive information about a remote server.

Advisory Timeline

  • Published