CVE-2022-31179

Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact).

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/ericcornelissen/shescape/pull/332	Patch Third Party Advisory
https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8	Release Notes Third Party Advisory
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w	Exploit Patch Third Party Advisory
https://github.com/ericcornelissen/shescape/pull/332	Patch Third Party Advisory
https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8	Release Notes Third Party Advisory
https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:04

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.1
References	~~() https://github.com/ericcornelissen/shescape/pull/332 - Patch, Third Party Advisory~~	() https://github.com/ericcornelissen/shescape/pull/332 - Patch, Third Party Advisory
References	~~() https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8 - Release Notes, Third Party Advisory~~	() https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8 - Release Notes, Third Party Advisory
References	~~() https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w - Exploit, Patch, Third Party Advisory~~	() https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w - Exploit, Patch, Third Party Advisory

09 Aug 2022, 13:30

Type	Values Removed	Values Added
References	~~(MISC) https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8 -~~	(MISC) https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8 - Release Notes, Third Party Advisory
References	~~(MISC) https://github.com/ericcornelissen/shescape/pull/332 -~~	(MISC) https://github.com/ericcornelissen/shescape/pull/332 - Patch, Third Party Advisory
References	~~(CONFIRM) https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w -~~	(CONFIRM) https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w - Exploit, Patch, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CPE		cpe:2.3:a:shescape_project:shescape:::::::: cpe:2.3:o:microsoft:windows:-:::::::*

01 Aug 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-01 20:15

Updated : 2024-11-21 07:04

NVD link : CVE-2022-31179

Mitre link : CVE-2022-31179

CVE.ORG link : CVE-2022-31179

JSON object : View

Products Affected

shescape_project

shescape

microsoft

windows

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2022-31179", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-01T20:15:08.177", "references": [{"url": "https://github.com/ericcornelissen/shescape/pull/332", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ericcornelissen/shescape/pull/332", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ericcornelissen/shescape/releases/tag/v1.5.8", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-jjc5-fp7p-6f8w", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows An attacker can omit all arguments following their input by including a line feed character (`'\\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact)."}, {"lang": "es", "value": "Shescape es un sencillo paquete de escape de shell para JavaScript. Las versiones anteriores a 1.5.8, fueron encontradas sujetas a inyecci\u00f3n de c\u00f3digo en Windows. Esto afecta a usuarios que usan Shescape (cualquier funci\u00f3n de la API) para escapar de los argumentos de cmd.exe en Windows Un atacante puede omitir todos los argumentos que siguen a su entrada mediante la inclusi\u00f3n de un car\u00e1cter de avance de l\u00ednea (\"\"\\n\"\") en la carga \u00fatil. Este error ha sido parcheado en la [v1.5.8], a la que puede actualizar ahora. No es necesario realizar m\u00e1s cambios. Alternativamente, los caracteres de avance de l\u00ednea (\"\"\\n\"\") pueden ser eliminados manualmente o la entrada del usuario puede convertirse en el \u00faltimo argumento (esto s\u00f3lo limita el impacto)"}], "lastModified": "2024-11-21T07:04:03.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5799303A-5B2B-42A3-99C3-C69EDE31CED4", "versionEndExcluding": "1.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-advisories@github.com"}

8.1 /10