Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

  • Published: Feb 23, 2023
  • Updated: Apr 14, 2023
  • CVE: CVE-2023-23920
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.2
  • AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CWEs:

Software From Fixed in
nodejs / node.js 14.0.0 14.14.0.x
nodejs / node.js 16.0.0 16.12.0.x
nodejs / node.js 18.0.0 18.11.0.x
nodejs / node.js 18.0.0 18.14.1
nodejs / node.js 16.0.0 16.19.1
nodejs / node.js 19.0.0 19.6.1
nodejs / node.js 14.0.0 14.21.3
debian / debian_linux 10.0 10.0.x