CVE-2023-40185

HIGH Year: 2023
CVSS v3 Score
8.6
High
Weakness Type
CWE-150
View all →

Vulnerability Description

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.

Related Vulnerabilities

CVE-2023-28446

HIGH
CVSS:8.8(High)

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear th...

CWE-1502023

CVE-2023-30844

HIGH
CVSS:8.8(High)

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutag...

CWE-1502023

CVE-2025-0975

HIGH
CVSS:8.8(High)

IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

CWE-1502025

CVE-2024-36052

HIGH
CVSS:7.5(High)

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

CWE-1502024

CVE-2017-0899

CRITICAL
CVSS:9.8(Critical)

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequen...

CWE-1502017

CVE-2023-3265

CRITICAL
CVSS:9.8(Critical)

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "...

CWE-1502023