CVE-2023-37360

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-37360

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37360.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-37360

Aliases

GHSA-62q6-v997-f7v9
PYSEC-2023-93

Downstream

UBUNTU-CVE-2023-37360

Related

GHSA-62q6-v997-f7v9

Published

2023-06-30T18:15:10Z

Modified

2025-01-14T11:49:28.932486Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).

References

Affected packages

Debian:11 / pacparser

Package

Name: pacparser
Purl: pkg:deb/debian/pacparser?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.6-1.2

1.3.6-1.3

1.3.6-1.4

1.4.3-1

1.4.5-1

1.4.5-2

1.4.5-3

1.4.5-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pacparser

Package

Name: pacparser
Purl: pkg:deb/debian/pacparser?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.6-1.4

1.4.3-1

1.4.5-1

1.4.5-2

1.4.5-3

1.4.5-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pacparser

Package

Name: pacparser
Purl: pkg:deb/debian/pacparser?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.3-1

Affected versions

1.*

1.3.6-1.4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/manugarg/pacparser

Affected ranges

Type: GIT
Repo: https://github.com/manugarg/pacparser
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0bf0636de624996fe202b51eec8a58abd774269e

Affected versions

1.*

1.2.0rc2

1.2.0rc3

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.7rc2

1.3.7rc3

1.3.7rc4

1.3.7rc5

1.3.7rc6

release-1.*

release-1.0.0

release-1.0.1

release-1.0.2

release-1.0.3

release-1.0.4

release-1.0.5

release-1.0.6

release-1.0.8

release-1.0.9

release-1.1.0

release-1.1.1

Other

trunk

v1.*

v1.3.8

v1.3.9

v1.4.0

v1.4.1