CVE-2023-35931: Cleartext Storage of Sensitive Information in an Environment Variable
(updated )
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
References
Detect and mitigate CVE-2023-35931 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →