Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-23920

Опубликовано: 23 фев. 2023
Источник: debian
EPSS Низкий

Описание

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nodejsfixed18.13.0+dfsg1-1.1package

Примечания

  • https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920

  • https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1

EPSS

Процентиль: 26%
0.00091
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-23920

CVSS3: 4.2
ubuntu
почти 3 года назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

redhat логотип

CVE-2023-23920

CVSS3: 4.2
redhat
почти 3 года назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

nvd логотип

CVE-2023-23920

CVSS3: 4.2
nvd
почти 3 года назад

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

msrc логотип

CVE-2023-23920

CVSS3: 4.2
msrc
почти 3 года назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2023:0682-1

suse-cvrf
почти 3 года назад

Security update for nodejs12

EPSS

Процентиль: 26%
0.00091
Низкий