PT-2023-27313 · Shescape · Shescape

Ericcornelissen · Published 2023-08-22 · Updated 2023-09-01 · CVE-2023-40185

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Shescape versions prior to 1.7.4

Description

The issue affects users of Shescape on Windows in a threaded context. Attackers can bypass Shescape's protections because it fails to escape correctly for the expected shell. This can occur when the expected default system shell differs from the one actually used, for example when PowerShell is configured but Shescape defaults to escaping for CMD instead.

Recommendations

For versions prior to 1.7.4, upgrade to version 1.7.4 to resolve the issue. If you are impacted and cannot upgrade immediately, be aware that no workaround is possible for this vulnerability.

Related Identifiers

CVE-2023-40185
GHSA-J55R-787P-M549

Affected Products

Shescape