CVE-2023-23920

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-23920
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23920
Aliases
Downstream
Related
Published
2023-02-23T20:15:14.047Z
Modified
2026-03-15T14:11:52.588585Z
Severity
  • 4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Last affected
354b6a93bd1d66f1833489d6fe01a2b0e8f6aff9
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Fixed
edd64fe5ba20c6c2f53720c672c591f09d9d4ac0
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Last affected
49415500bb1bf51a1fade5ea2d03f3988ecabc25
Introduced
7162e686b18d22b4385fa5c04274fb04dbd810c7
Fixed
96a4559f259f109a2abc480caeba12644b8a8fd1
Introduced
49a77a5a996a49e8cb728eed42e55a7c1a9eef6e
Last affected
8c1dd95f3cc5d91acb9ce8994b3ac45ab927178f
Introduced
49a77a5a996a49e8cb728eed42e55a7c1a9eef6e
Fixed
7bc2cf7fa9a2016fadb27e042968a69297bd975e
Introduced
cc993fb2760d01457955f5b9ff787d559ed1c34e
Fixed
a9d1e5059f9cc63cafc8e786a7b6332aa7ab3b2b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
cf41627411886000429bde058a6594fb7f6d6d47
Database specific 
{
    "versions": [
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.14.0"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.21.3"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "last_affected": "16.12.0"
        },
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.19.1"
        },
        {
            "introduced": "18.0.0"
        },
        {
            "last_affected": "18.11.0"
        },
        {
            "introduced": "18.0.0"
        },
        {
            "fixed": "18.14.1"
        },
        {
            "introduced": "19.0.0"
        },
        {
            "fixed": "19.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        }
    ]
}

Affected versions

v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.15.1
v14.15.2
v14.15.3
v14.15.4
v14.15.5
v14.16.0
v14.16.1
v14.17.0
v14.17.1
v14.17.2
v14.17.3
v14.17.4
v14.17.5
v14.17.6
v14.18.0
v14.18.1
v14.18.2
v14.18.3
v14.19.0
v14.19.1
v14.19.2
v14.19.3
v14.2.0
v14.20.0
v14.20.1
v14.21.0
v14.21.1
v14.21.2
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v16.*
v16.0.0
v16.1.0
v16.10.0
v16.11.0
v16.11.1
v16.12.0
v16.13.0
v16.13.1
v16.13.2
v16.14.0
v16.14.1
v16.14.2
v16.15.0
v16.15.1
v16.16.0
v16.17.0
v16.17.1
v16.18.0
v16.18.1
v16.19.0
v16.2.0
v16.3.0
v16.4.0
v16.4.1
v16.4.2
v16.5.0
v16.6.0
v16.6.1
v16.6.2
v16.7.0
v16.8.0
v16.9.0
v16.9.1
v18.*
v18.0.0
v18.1.0
v18.10.0
v18.11.0
v18.12.0
v18.12.1
v18.13.0
v18.14.0
v18.2.0
v18.3.0
v18.4.0
v18.5.0
v18.6.0
v18.7.0
v18.8.0
v18.9.0
v18.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23920.json"