CVE-2023-2848

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-2848
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2848.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-2848
Downstream
Published
2023-09-14T12:15:07.737Z
Modified
2026-04-10T04:56:56.936567Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.

References

Affected packages

Git / github.com/movim/movim

Affected ranges

Type
GIT
Repo
https://github.com/movim/movim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d165bd6ee4121ec7a760b6669fd3e324942b4f2a
Fixed
49e2012aecdf918bb1d16f278fa9ff42fad29a9d
Fixed
96372082acd3e5d778a2522a60a1805bf2af31f6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.22"
        }
    ]
}

Affected versions

0.*
0.14.1
v0.*
v0.1
v0.10
v0.11
v0.11alpha1
v0.13
v0.14
v0.14.1
v0.14.1rc
v0.14.1rc2
v0.14.1rc3
v0.14.1rc4
v0.14.1rc5
v0.14.2rc4
v0.14.2rc5
v0.14.2rc6
v0.14.2rc7
v0.14alpha2
v0.14alpha5
v0.14alpha6
v0.14beta
v0.14rc
v0.14rc2
v0.15
v0.15rc1
v0.16
v0.16.1
v0.17
v0.17.1
v0.18
v0.18.1rc0
v0.18.1rc1
v0.18.1rc2
v0.18.1rc3
v0.18.1rc4
v0.18.1rc5
v0.18.1rc6
v0.18.1rc7
v0.18.1rc8
v0.18rc1
v0.18rc10
v0.18rc11
v0.18rc12
v0.18rc13
v0.18rc14
v0.18rc2
v0.18rc3
v0.18rc4
v0.18rc5
v0.18rc6
v0.18rc7
v0.18rc8
v0.18rc9
v0.19
v0.19.1rc2
v0.19.1rc3
v0.19.1rc4
v0.19.1rc5
v0.19.1rc6
v0.19.1rc7
v0.19rc1
v0.19rc2
v0.19rc3
v0.2
v0.20
v0.20rc0
v0.20rc1
v0.20rc2
v0.20rc3
v0.20rc4
v0.20rc6
v0.21
v0.21.1
v0.21rc0
v0.21rc1
v0.21rc10
v0.21rc11
v0.21rc2
v0.21rc3
v0.21rc4
v0.21rc5
v0.21rc6
v0.21rc7
v0.21rc8
v0.21rc9
v0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2848.json"