Red Hat: CVE-2023-23920: insecure loading of ICU data through ICU_DATA environment variable (Multiple Advisories)

Red Hat: CVE-2023-23920: insecure loading of ICU data through ICU_DATA environment variable (Multiple Advisories)

Severity

4

CVSS

(AV:L/AC:M/Au:M/C:N/I:C/A:N)

Published

02/23/2023

Created

04/04/2023

Added

04/03/2023

Modified

01/28/2025

Description

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Solution(s)

• redhat-upgrade-nodejs
• redhat-upgrade-nodejs-debuginfo
• redhat-upgrade-nodejs-debugsource
• redhat-upgrade-nodejs-devel
• redhat-upgrade-nodejs-docs
• redhat-upgrade-nodejs-full-i18n
• redhat-upgrade-nodejs-libs
• redhat-upgrade-nodejs-libs-debuginfo
• redhat-upgrade-nodejs-nodemon
• redhat-upgrade-nodejs-packaging
• redhat-upgrade-nodejs-packaging-bundler
• redhat-upgrade-npm

References

• CVE-2023-23920
• RHSA-2023:1533
• RHSA-2023:1582
• RHSA-2023:1583
• RHSA-2023:1742
• RHSA-2023:1743
• RHSA-2023:2654
• RHSA-2023:2655
• RHSA-2023:5533

View more