CVE-2023-35931

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 23, 2023

Updated: Jul 4, 2023

CWE ID 526

Summary

CVE-2023-35931 involves a vulnerability in Shescape, a JavaScript library. An attacker can exploit this issue to gain read-only access to environment variables, despite the library's intended sandboxing. Though the vulnerability is limited to read-only access, it can still pose potential risks. This security flaw has been addressed in version 1.7.1 of Shescape.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Shescape Project Shescape

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rviYBN
https://www.cve.org/CVERecord?id=CVE-2023-35931
https://nvd.nist.gov/vuln/detail/CVE-2023-35931

Back to Vulnerability Database

CVE-2023-35931

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations