PT-2023-2765 · Node.Js+10 · Node.Js+10
Ben Noordhuis
·
Published
2023-02-16
·
Updated
2026-05-18
·
CVE-2023-23920
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 19.6.1
Node.js versions prior to 18.14.1
Node.js versions prior to 16.19.1
Node.js versions prior to 14.21.3
Description
An untrusted search path issue exists that could allow an attacker to search and potentially load ICU data when running with elevated privileges, potentially leading to privilege escalation.
Recommendations
For versions prior to 19.6.1, update to version 19.6.1 or later.
For versions prior to 18.14.1, update to version 18.14.1 or later.
For versions prior to 16.19.1, update to version 16.19.1 or later.
For versions prior to 14.21.3, update to version 14.21.3 or later.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Node.Js
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu