4.2
CVE-2023-23920
- EPSS 0.47%
- Veröffentlicht 23.02.2023 20:15:14
- Zuletzt bearbeitet 17.03.2025 19:15:19
- Quelle support@hackerone.com
- CVE-Watchlists
- Unerledigt
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.37 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.2 | 0.6 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.2 | 0.6 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
https://security.netapp.com/advisory/ntap-20230316-0008/
https://www.debian.org/security/2023/dsa-5395