CVE-2023-23920

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type: GIT
Repo: https://github.com/nodejs/node
Events: Introduced

49a77a5a996a49e8cb728eed42e55a7c1a9eef6e

Fixed

7bc2cf7fa9a2016fadb27e042968a69297bd975e

Introduced

7162e686b18d22b4385fa5c04274fb04dbd810c7

Fixed

96a4559f259f109a2abc480caeba12644b8a8fd1

Introduced

cc993fb2760d01457955f5b9ff787d559ed1c34e

Fixed

a9d1e5059f9cc63cafc8e786a7b6332aa7ab3b2b

Introduced

73aa21658dfa6a22c06451d080152b32b1f98dbe

Fixed

edd64fe5ba20c6c2f53720c672c591f09d9d4ac0

Affected versions

v14.*

v14.0.0

v14.1.0

v14.10.0

v14.10.1

v14.11.0

v14.12.0

v14.13.0

v14.13.1

v14.14.0

v14.15.0

v14.15.1

v14.15.2

v14.15.3

v14.15.4

v14.15.5

v14.16.0

v14.16.1

v14.17.0

v14.17.1

v14.17.2

v14.17.3

v14.17.4

v14.17.5

v14.17.6

v14.18.0

v14.18.1

v14.18.2

v14.18.3

v14.19.0

v14.19.1

v14.19.2

v14.19.3

v14.2.0

v14.20.0

v14.20.1

v14.21.0

v14.21.1

v14.21.2

v14.3.0

v14.4.0

v14.5.0

v14.6.0

v14.7.0

v14.8.0

v14.9.0

v16.*

v16.0.0

v16.1.0

v16.10.0

v16.11.0

v16.11.1

v16.12.0

v16.13.0

v16.13.1

v16.13.2

v16.14.0

v16.14.1

v16.14.2

v16.15.0

v16.15.1

v16.16.0

v16.17.0

v16.17.1

v16.18.0

v16.18.1

v16.19.0

v16.2.0

v16.3.0

v16.4.0

v16.4.1

v16.4.2

v16.5.0

v16.6.0

v16.6.1

v16.6.2

v16.7.0

v16.8.0

v16.9.0

v16.9.1

v18.*

v18.0.0

v18.1.0

v18.10.0

v18.11.0

v18.12.0

v18.12.1

v18.13.0

v18.14.0

v18.2.0

v18.3.0

v18.4.0

v18.5.0

v18.6.0

v18.7.0

v18.8.0

v18.9.0

v18.9.1

v19.*

v19.0.0

v19.0.1

v19.1.0

v19.2.0

v19.3.0

v19.4.0

v19.5.0

v19.6.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23920.json"