Lucene search

[email protected]CVE-2023-52121

HistoryJan 05, 2024 - 10:15 a.m.

CVE-2023-52121

2024-01-0510:15:13

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-52121

cross-site request forgery

csrf

nitropack inc

nitropack

cache & speed optimization

core web vitals

defer css

javascript

lazy load images

security vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.

Affected configurations

Vulners

NVD

Node

nitropack_inc.nitropack_–_cache_\&_speed_optimization_for_core_web_vitals\,_defer_css_\&_javascript\,_lazy_load_imagesRange≤1.10.2

CPENameOperatorVersion
nitropack:nitropacknitropackle1.10.2

CPE	Name	Operator	Version
nitropack:nitropack	nitropack	le	1.10.2

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "nitropack",
    "product": "NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images",
    "vendor": "NitroPack Inc.",
    "versions": [
      {
        "changes": [
          {
            "at": "1.10.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.10.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]