CVE-2023-40023

Source
https://cve.org/CVERecord?id=CVE-2023-40023
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40023.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40023
Aliases
Published
2023-08-14T19:59:44.679Z
Modified
2026-04-02T09:18:05.207134Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading
Details

yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users of Yak Engine versions prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. Users unable to upgrade may avoid exposing vulnerable versions to untrusted input and closely monitor any unexpected server behavior until they can upgrade.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/40xxx/CVE-2023-40023.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/yaklang/yaklang

Affected ranges

Type
GIT
Repo
https://github.com/yaklang/yaklang
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*
1.4.4-beta16
1.4.4-beta17
1.4.4-beta18
1.4.5-alaha1225-diff-check
1.4.5-alpha1225-diff-check
1.4.5-beta1
1.4.5-beta10
1.4.5-beta11
1.4.5-beta12
1.4.5-beta13
1.4.5-beta14
1.4.5-beta15
1.4.5-beta2
1.4.5-beta3
1.4.5-beta4
1.4.5-beta5
1.4.5-beta6
1.4.5-beta7
1.4.5-beta8
1.4.5-beta9
1.4.5-irify-beta1
1.4.5-irify-beta2
1.4.6-beta1
1.4.6-beta3
1.4.6-beta4
1.4.6-beta5
v1.*
v1.2.0-sp6
v1.2.0-sp7
v1.2.0-sp8
v1.2.1
v1.2.1-sp1
v1.2.1-sp2
v1.2.1-sp3
v1.2.1-sp4
v1.2.1-sp5
v1.2.1-sp6
v1.2.1-sp7
v1.2.1-sp8
v1.2.1-sp9
v1.2.2
v1.2.2-sp1
v1.2.2-sp2
v1.2.2-sp3
v1.2.2-sp4
v1.2.2-sp5
v1.2.2-sp6
v1.2.2-sp7
v1.2.3
v1.2.3-sp1
v1.2.3-sp2
v1.2.3-sp3
v1.2.4
v1.4.4-alpha1205
v1.4.4-alpha1205a
v1.4.4-alpha1209a
v1.4.4-alpha1210
v1.4.4-alpha1210-diff-check
v1.4.4-alpha1212-legion01
v1.4.4-beta16
v1.4.4-beta17
v1.4.4-beta18
v1.4.5-alaha1225-diff-check
v1.4.5-alpha0114
v1.4.5-alpha0203
v1.4.5-alpha0205
v1.4.5-alpha0225
v1.4.5-alpha0227
v1.4.5-alpha0228
v1.4.5-alpha0310
v1.4.5-alpha0310a
v1.4.5-alpha0311
v1.4.5-alpha1215
v1.4.5-alpha1216
v1.4.5-alpha1216-hooks-loader
v1.4.5-alpha1216-hooks-loader2
v1.4.5-alpha1217-get-plugin-id
v1.4.5-alpha1218
v1.4.5-alpha1221
v1.4.5-alpha1222
v1.4.5-alpha1222-kb-created-from-ui
v1.4.5-alpha1224
v1.4.5-alpha1225
v1.4.5-alpha1225-diff-check
v1.4.5-alpha1225-pe-status
v1.4.5-alpha260109
v1.4.5-alpha260127
v1.4.5-alpha260129
v1.4.5-alpha260210
v1.4.5-beta1
v1.4.5-beta10
v1.4.5-beta11
v1.4.5-beta12
v1.4.5-beta13
v1.4.5-beta14
v1.4.5-beta15
v1.4.5-beta16
v1.4.5-beta2
v1.4.5-beta3
v1.4.5-beta4
v1.4.5-beta5
v1.4.5-beta6
v1.4.5-beta7
v1.4.5-beta8
v1.4.5-beta9
v1.4.5-irify-alpha0127
v1.4.5-irify-alpha0130
v1.4.5-irify-alpha0202
v1.4.5-irify-beta1
v1.4.5-irify-beta2
v1.4.6-alpha0316
v1.4.6-alpha0319
v1.4.6-alpha0319a
v1.4.6-alpha0322
v1.4.6-alpha0402
v1.4.6-alpha_irify0402
v1.4.6-beta1
v1.4.6-beta2
v1.4.6-beta3
v1.4.6-beta4
v1.4.6-beta5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40023.json"