ericcornelissen shescape
cpe:2.3:a:shescape_project:shescape:*:*:*:*:node.js:*:*
- < 2.1.9
A vulnerability in Shescape, a shell escape library for JavaScript, prior to version 2.1.9, allows attackers to bypass shell escaping. This issue can lead to the exposure of sensitive information, particularly for users who configure their shell to point to a file that is a link to another link. The impact varies depending on the actual shell used and how it is misidentified by Shescape.
Exploitation of this vulnerability can result in bypassing shell escape mechanisms, potentially leading to unauthorized access to sensitive information.
To reproduce this vulnerability, create a symbolic link that points to another symbolic link, with the final target being a valid shell executable, such as bash. Then, use Shescape to escape user-controlled input, which will be executed in the context of the linked shell. The misconfiguration can be exploited by injecting payloads that manipulate the shell environment or command execution.
Users can upgrade to Shescape version 2.1.9 or later to address this vulnerability. If upgrading is not possible, avoid using a shell or ensure that the shell path is not a link to a link.