First published: Thu Feb 16 2023(Updated: )
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
Credit: support@hackerone.com support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/nodejs | <18-9020020230327152102.rhel9 | 18-9020020230327152102.rhel9 |
redhat/nodejs | <1:16.19.1-1.el9_2 | 1:16.19.1-1.el9_2 |
redhat/nodejs | <1:16.20.2-1.el9_0 | 1:16.20.2-1.el9_0 |
redhat/rh-nodejs14 | <0:3.6-2.el7 | 0:3.6-2.el7 |
redhat/rh-nodejs14-nodejs | <0:14.21.3-2.el7 | 0:14.21.3-2.el7 |
Nodejs Node.js | >=14.0.0<=14.14.0 | |
Nodejs Node.js | >=14.0.0<14.21.3 | |
Nodejs Node.js | >=16.0.0<=16.12.0 | |
Nodejs Node.js | >=16.0.0<16.19.1 | |
Nodejs Node.js | >=18.0.0<=18.11.0 | |
Nodejs Node.js | >=18.0.0<18.14.1 | |
Nodejs Node.js | >=19.0.0<19.6.1 | |
Debian Debian Linux | =10.0 | |
IBM Cognos Dashboards on Cloud Pak for Data | <=4.7.0 | |
redhat/Node.js | <19.6.1 | 19.6.1 |
redhat/Node.js | <18.14.1 | 18.14.1 |
redhat/Node.js | <16.19.1 | 16.19.1 |
redhat/Node.js | <14.21.3 | 14.21.3 |
ubuntu/nodejs | <10.19.0~dfsg-3ubuntu1.5 | 10.19.0~dfsg-3ubuntu1.5 |
ubuntu/nodejs | <12.22.9~dfsg-1ubuntu3.4 | 12.22.9~dfsg-1ubuntu3.4 |
ubuntu/nodejs | <18.13.0+dfsg1-1ubuntu2.1 | 18.13.0+dfsg1-1ubuntu2.1 |
debian/nodejs | <=10.24.0~dfsg-1~deb10u1<=18.13.0+dfsg1-1 | 10.24.0~dfsg-1~deb10u4 12.22.12~dfsg-1~deb11u4 18.19.0+dfsg-6~deb12u1 18.20.1+dfsg-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)