fkie_cve-2022-31179
Vulnerability from fkie_nvd
Published
2022-08-01 20:15
Modified
2024-11-21 07:04
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).
References
security-advisories@github.comhttps://github.com/ericcornelissen/shescape/pull/332Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/ericcornelissen/shescape/releases/tag/v1.5.8Release Notes, Third Party Advisory
security-advisories@github.comhttps://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8wExploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ericcornelissen/shescape/pull/332Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8wExploit, Patch, Third Party Advisory
Impacted products
Vendor Product Version
shescape_project shescape *
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5799303A-5B2B-42A3-99C3-C69EDE31CED4",
              "versionEndExcluding": "1.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`\u0027\\n\u0027`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`\u0027\\n\u0027`) can be stripped out manually or the user input can be made the last argument (this only limits the impact)."
    },
    {
      "lang": "es",
      "value": "Shescape es un sencillo paquete de escape de shell para JavaScript. Las versiones anteriores a 1.5.8, fueron encontradas sujetas a inyecci\u00f3n de c\u00f3digo en Windows. Esto afecta a usuarios que usan Shescape (cualquier funci\u00f3n de la API) para escapar de los argumentos de cmd.exe en Windows Un atacante puede omitir todos los argumentos que siguen a su entrada mediante la inclusi\u00f3n de un car\u00e1cter de avance de l\u00ednea (\"\"\\n\"\") en la carga \u00fatil. Este error ha sido parcheado en la [v1.5.8], a la que puede actualizar ahora. No es necesario realizar m\u00e1s cambios. Alternativamente, los caracteres de avance de l\u00ednea (\"\"\\n\"\") pueden ser eliminados manualmente o la entrada del usuario puede convertirse en el \u00faltimo argumento (esto s\u00f3lo limita el impacto)"
    }
  ],
  "id": "CVE-2022-31179",
  "lastModified": "2024-11-21T07:04:03.850",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.3,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-01T20:15:08.177",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/pull/332"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/pull/332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.