Lucene search

[email protected]NVD:CVE-2023-26820

HistoryApr 07, 2023 - 3:15 a.m.

CVE-2023-26820

2023-04-0703:15:06

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-26820

siteproxy v1.0

path traversal

index.js

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.2%

JSON

siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js.

Affected configurations

Nvd

Node

siteproxy_projectsiteproxyMatch1.0

VendorProductVersionCPE
siteproxy_projectsiteproxy1.0cpe:2.3:a:siteproxy_project:siteproxy:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siteproxy_project	siteproxy	1.0	cpe:2.3:a:siteproxy_project:siteproxy:1.0:::::::*

References

github.com/netptop/siteproxy/issues/67

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.2%

JSON

Related for NVD:CVE-2023-26820

prion1 cvelist1 cve1 osv1