Lucene search

CVE-2023-23920

🗓️ 23 Feb 2023 20:14:15Reported by hackeroneType

Untrusted search path vulnerability in Node.j

Reporter	Title	Published	Views	Family All 155
CBLMariner	CVE-2023-23920 affecting package nodejs 14.21.1-3	15 Aug 202316:37	–	cbl_mariner
CBLMariner	CVE-2023-23920 affecting package nodejs for versions less than 16.19.1-1	24 Mar 202323:56	–	cbl_mariner
AlpineLinux	CVE-2023-23920	23 Feb 202320:15	–	alpinelinux
Veracode	Improper Access Control	18 Feb 202304:53	–	veracode
NVD	CVE-2023-23920	23 Feb 202320:15	–	nvd
OSV	BIT-node-2023-23920	6 Mar 202411:02	–	osv
OSV	nodejs - security update	2 May 202300:00	–	osv
OSV	CVE-2023-23920	23 Feb 202320:15	–	osv
OSV	BIT-NODE-MIN-2023-23920	16 Dec 202414:00	–	osv
OSV	nodejs - security update	26 Feb 202300:00	–	osv

Nvd

Vulners

Node

nodejs node.jsRange14.0.0–14.14.0-

nodejs node.jsRange14.0.0–14.21.3lts

nodejs node.jsRange16.0.0–16.12.0-

nodejs node.jsRange16.0.0–16.19.1lts

nodejs node.jsRange18.0.0–18.11.0-

nodejs node.jsRange18.0.0–18.14.1lts

nodejs node.jsRange19.0.0–19.6.1-

Node

debian debian_linuxMatch10.0

[
  {
    "vendor": "n/a",
    "product": "https://github.com/nodejs/node",
    "versions": [
      {
        "version": "Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20230316-0008/
debian	www.debian.org/security/2023/dsa-5395
nodejs	www.nodejs.org/en/blog/vulnerability/february-2023-security-releases/
lists	www.lists.debian.org/debian-lts-announce/2023/02/msg00038.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Feb 2023 20:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS34.2

EPSS0.00045

CWE-426