CVE-2023-40185

Summary

CVE-2023-40185 is a high-severity vulnerability that affects the shescape library for JavaScript, specifically impacting users on Windows in a threaded context. This vulnerability allows attackers to bypass protections by causing Shescape to escape (or quote) for the wrong shell. The bug has been patched in version 1.7.4 of the software. The vulnerability has a base score of 8.6 according to NIST, indicating a significant potential danger to organizations. It does not require any privileges or user interaction, and can be exploited remotely over a network. The impact is classified as high integrity, but no confidentiality impact is identified.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.