vulnerability

Lucee: CVE-2023-38693: Lucee CVE Security Alert

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Sep 15, 2023	Feb 5, 2024	Mar 6, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Sep 15, 2023

Added

Feb 5, 2024

Modified

Mar 6, 2025

Description

The Lucee team received a responsible disclosure for a security vulnerability which affects many previous releases of Lucee. Anyone running these older releases are advised to hotfix immediately and then make plans to upgrade to the latest 5.4.3.2 Stable Release, which includes further additional hardening, as well as updated CVE free java libraries.

Solution

lucee-upgrade-latest

References

CVE-2023-38693
https://attackerkb.com/topics/CVE-2023-38693
URL-https://dev.lucee.org/t/lucee-critical-security-alert-august-15th-2023-cve-2023-38693/12893

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today