vulnerability

Oracle Linux: CVE-2023-23920: ELSA-2023-1582: nodejs:16 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:L/AC:L/Au:M/C:N/I:C/A:N)	2023-02-16	2023-04-05	2025-01-08

Severity

CVSS

(AV:L/AC:L/Au:M/C:N/I:C/A:N)

Published

2023-02-16

Added

2023-04-05

Modified

2025-01-08

Description

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Solution(s)

oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-libsoracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-nodejs-packaging-bundleroracle-linux-upgrade-npm

References

CVE-2023-23920
https://attackerkb.com/topics/CVE-2023-23920
ELSA-ELSA-2023-1582
ELSA-ELSA-2023-2654
ELSA-ELSA-2023-2655
ELSA-ELSA-2023-1583
ELSA-ELSA-2023-1743

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today