PT-2022-28157 · Php+8 · Php+9

Published: 2022-09-19 · Updated: 2023-01-18 · CVE-2023-22963

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

personnummer versions prior to 3.0.3
Dart versions prior to 3.0.3
C# versions prior to 3.0.2
Elixir versions prior to 3.0.0
Go versions prior to 3.0.1
Java versions prior to 3.3.0
JavaScript versions prior to 3.1.0
Kotlin versions prior to 1.1.0
Lua versions prior to 3.0.1
PHP versions prior to 3.0.2
Perl versions prior to 3.0.0
Python versions prior to 3.0.2
Ruby versions prior to 3.0.1
Rust versions prior to 3.0.0
Scala versions prior to 3.0.1
Swift versions prior to 1.0.1

Description

The personnummer implementation mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. This issue is determined to be low severity and impacts users who rely on the last digits of personnummer to be a real personnummer.

Recommendations

Update Dart to version 3.0.3 or later.
Update C# to version 3.0.2 or later.
Update Elixir to version 3.0.0 or later.
Update Go to version 3.0.1 or later.
Update Java to version 3.3.0 or later.
Update JavaScript to version 3.1.0 or later.
Update Kotlin to version 1.1.0 or later.
Update Lua to version 3.0.1 or later.
Update PHP to version 3.0.2 or later.
Update Perl to version 3.0.0 or later.
Update Python to version 3.0.2 or later.
Update Ruby to version 3.0.1 or later.
Update Rust to version 3.0.0 or later.
Update Scala to version 3.0.1 or later.
Update Swift to version 1.0.1 or later.

As a temporary workaround, consider adding a check on the last four digits to ensure it's not 000x.
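
The temporary workaround above, sketched in Python as an added example (not code from the advisory or from the personnummer project). The accepted input shapes and the checksum-only `luhn_only_valid` stand-in for an unpatched validator are assumptions; all sample numbers are constructed.

```python
import re

# Tail pattern quoted in the advisory.
BAD_TAIL = re.compile(r"^000[0-9]$")
# Assumed input shapes: 10 or 12 digits, optional "-" or "+" before the last four.
SHAPE = re.compile(r"^([0-9]{6}|[0-9]{8})[-+]?([0-9]{4})$")


def last_four(pnr):
    """Return the last four digits, or None if the input has an unexpected shape."""
    m = SHAPE.match(pnr.strip())
    return m.group(2) if m else None


def luhn_only_valid(pnr):
    """Stand-in validator (assumption): checks shape and Luhn checksum only."""
    m = SHAPE.match(pnr.strip())
    if not m:
        return False
    # The checksum covers the ten digits YYMMDD + last four.
    digits = m.group(1)[-6:] + m.group(2)
    total = 0
    for i, ch in enumerate(digits):
        d = int(ch) * (2 if i % 2 == 0 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def guarded_valid(pnr, library_valid=luhn_only_valid):
    """Workaround: reject a 000x tail before delegating to the validator."""
    tail = last_four(pnr)
    if tail is None or BAD_TAIL.match(tail):
        return False
    return bool(library_valid(pnr))


# Constructed sample inputs, not real identities.
SAMPLES = ["900101-0009", "199001010009", "900101+0009", "900101-0017", "900101-0018"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "checksum-only:", luhn_only_valid(s), "guarded:", guarded_valid(s))
```

In an application, pass the installed library's own validation function as `library_valid` and remove the guard once the fixed version is deployed.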

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-22963
GHSA-4XH4-V2PQ-JVHM
GHSA-9F2C-XXFM-32MJ

Affected Products

C#
Dart
Go
Java
Kotlin
Php
Perl
Python
Rust
Swift