CVE-2023-23920

CWE-4269 documents8 sources

Severity

4.2MEDIUM

EPSS

0.1%

top 73.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node Nodejs Node.js Debian Debian Linux

Timeline

PublishedFeb 23

Latest updateMar 4

Description

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:NExploitability: 0.6 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5nodejs/node4.0 — 4.*+15

▶NVDnodejs/node.js14.0.0 — 14.21.3+6

▶Debiannodejs< 12.22.12~dfsg-1~deb11u4+3

Also affects: Debian Linux 10.0

Patches

Patch: nodejs.org ↗Patch: nodejs.org ↗

🔴Vulnerability Details

OSV

nodejs vulnerabilities↗2024-03-04

▶

OSV

CVE-2023-23920: An untrusted search path vulnerability exists in Node↗2023-02-23

▶

GHSA

GHSA-fj8r-46q3-hp4r: An untrusted search path vulnerability exists in Node↗2023-02-23

▶

CVEList

CVE-2023-23920: An untrusted search path vulnerability exists in Node↗2023-02-23

▶

📋Vendor Advisories

Ubuntu

Node.js vulnerabilities↗2024-03-04

▶

Red Hat

Node.js: insecure loading of ICU data through ICU_DATA environment variable↗2023-02-16

▶

Microsoft

An untrusted search path vulnerability exists in Node.js. <19.6.1 <18.14.1 <16.19.1 and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privile↗2023-02-14

▶

Debian

CVE-2023-23920: nodejs - An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16...↗2023

▶