CVE-2023-23920
4.2MEDIUMAn untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated priv
Published: 2/23/2023Updated: 3/17/2025
Description
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
AI AnalysisPowered by AI
Affected Products
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
nodejsnode.js
debiandebian_linux
10.0
References
- https://lists.debian.org/debian-lts-announce/2023/02/msg00038.htmlMailing List
- https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/PatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230316-0008/
- https://www.debian.org/security/2023/dsa-5395
- https://lists.debian.org/debian-lts-announce/2023/02/msg00038.htmlMailing List
- https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/PatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230316-0008/
- https://www.debian.org/security/2023/dsa-5395