4.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
MULTIPLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:M/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
11.9%
nodejs is vulnerable to Improper Access Control. A remote authenticated attacker is able to bypass security restrictions by sending a specially-crafted request using ICU_DATA
environment variable, An attacker could exploit this vulnerability to search and potentially load ICU data.
lists.debian.org/debian-lts-announce/2023/02/msg00038.html
nodejs.org/en/blog/vulnerability/february-2023-security-releases/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.netapp.com/advisory/ntap-20230316-0008/
www.debian.org/security/2023/dsa-5395
4.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
MULTIPLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:M/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
11.9%