CVE-2023-23920

CVSS v3.1 4.2 (Medium)

EPSS 0.04 % (15^th)

Affected Products 2

Advisories 30

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Weaknesses

CWE-426: Untrusted Search Path

CVE Status: PUBLISHED
CNA: HackerOne
Published Date: 2023-02-23 20:15:14
(19 months ago)
Updated Date: 2023-05-03 04:15:09
(16 months ago)

Affected Products

Debian

Debian Linux

Nodejs

Node.js

Configuration #1

	CPE23	From	Up To
Nodejs Node.js from 14.0.0 version and 14.14.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 14.0.0	<= 14.14.0
Nodejs Node.js from 14.0.0 version and prior 14.21.3 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 14.0.0	< 14.21.3
Nodejs Node.js from 16.0.0 version and 16.12.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 16.0.0	<= 16.12.0
Nodejs Node.js from 16.0.0 version and prior 16.19.1 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 16.0.0	< 16.19.1
Nodejs Node.js from 18.0.0 version and 18.11.0 and prior versions	cpe:2.3:a:nodejs:node.js::::*:-	>= 18.0.0	<= 18.11.0
Nodejs Node.js from 18.0.0 version and prior 18.14.1 version	cpe:2.3:a:nodejs:node.js::::*:lts	>= 18.0.0	< 18.14.1
Nodejs Node.js from 19.0.0 version and prior 19.6.1 version	cpe:2.3:a:nodejs:node.js::::*:-	>= 19.0.0	< 19.6.1

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0