exploitDog

CVE-2023-23920

Опубликовано: 23 фев. 2023

Источник: debian

Описание

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nodejs	fixed	18.13.0+dfsg1-1.1		package

Примечания

https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920
https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1

Связанные уязвимости

CVE-2023-23920

CVSS3: 4.2

ubuntu

больше 2 лет назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

CVE-2023-23920

CVSS3: 4.2

redhat

больше 2 лет назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

CVE-2023-23920

CVSS3: 4.2

nvd

больше 2 лет назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

CVE-2023-23920

CVSS3: 4.2

msrc

больше 2 лет назад

Описание отсутствует

SUSE-SU-2023:0682-1

suse-cvrf

больше 2 лет назад

Security update for nodejs12