Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
Typeapk
Namespacealpine
Namenodejs
Version18.14.1-r0
Qualifiers
arch s390x
distroversion v3.21
reponame main
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version18.17.1-r0
Latest_non_vulnerable_version22.22.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-479b-h1wc-s7en
vulnerability_id VCID-479b-h1wc-s7en
summary 
CRLF Injection in Nodejs ‘undici’ via host
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23936.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56792
published_at 2026-06-04T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.56823
published_at 2026-06-08T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.56838
published_at 2026-06-07T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.5685
published_at 2026-06-06T12:55:00Z
4
value 0.00337
scoring_system epss
scoring_elements 0.56843
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23936
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/reports/1820955
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://hackerone.com/reports/1820955
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
reference_id 2172190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172190
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
reference_id CVE-2023-23936
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23936
10
reference_url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r9g-qh6m-jxff
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
reference_id GHSA-5r9g-qh6m-jxff
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:48Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23936, GHSA-5r9g-qh6m-jxff
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-479b-h1wc-s7en
1
url VCID-mpjn-gfef-qfef
vulnerability_id VCID-mpjn-gfef-qfef
summary An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24027
published_at 2026-06-04T12:55:00Z
1
value 0.00082
scoring_system epss
scoring_elements 0.23999
published_at 2026-06-09T12:55:00Z
2
value 0.00082
scoring_system epss
scoring_elements 0.24124
published_at 2026-06-05T12:55:00Z
3
value 0.00082
scoring_system epss
scoring_elements 0.24106
published_at 2026-06-06T12:55:00Z
4
value 0.00082
scoring_system epss
scoring_elements 0.24052
published_at 2026-06-07T12:55:00Z
5
value 0.00082
scoring_system epss
scoring_elements 0.23994
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23920
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
reference_id 2172217
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172217
6
reference_url https://www.debian.org/security/2023/dsa-5395
reference_id dsa-5395
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://www.debian.org/security/2023/dsa-5395
7
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
8
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html
9
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:22:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
10
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
11
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
12
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
13
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
14
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
15
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
16
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
17
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
18
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
19
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23920
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpjn-gfef-qfef
2
url VCID-pn33-qa2t-ducr
vulnerability_id VCID-pn33-qa2t-ducr
summary A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23919
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55283
published_at 2026-06-04T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.55337
published_at 2026-06-09T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.5534
published_at 2026-06-05T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.55347
published_at 2026-06-06T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.55336
published_at 2026-06-07T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.55317
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23919
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
4
reference_url https://hackerone.com/reports/1808596
reference_id 1808596
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://hackerone.com/reports/1808596
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172170
reference_id 2172170
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172170
6
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
7
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T14:26:46Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
8
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
9
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
10
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
11
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23919
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pn33-qa2t-ducr
3
url VCID-xutk-5udd-z7es
vulnerability_id VCID-xutk-5udd-z7es
summary 
Regular Expression Denial of Service in Headers
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods is vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-24807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
reference_id
reference_type
scores
0
value 0.00305
scoring_system epss
scoring_elements 0.54064
published_at 2026-06-09T12:55:00Z
1
value 0.00305
scoring_system epss
scoring_elements 0.54012
published_at 2026-06-04T12:55:00Z
2
value 0.00305
scoring_system epss
scoring_elements 0.54069
published_at 2026-06-05T12:55:00Z
3
value 0.00305
scoring_system epss
scoring_elements 0.54076
published_at 2026-06-06T12:55:00Z
4
value 0.00305
scoring_system epss
scoring_elements 0.54065
published_at 2026-06-07T12:55:00Z
5
value 0.00305
scoring_system epss
scoring_elements 0.54042
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24807
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/nodejs/undici
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/nodejs/undici
4
reference_url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf
5
reference_url https://github.com/nodejs/undici/releases/tag/v5.19.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/releases/tag/v5.19.1
6
reference_url https://hackerone.com/bugs?report_id=1784449
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://hackerone.com/bugs?report_id=1784449
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
reference_id 1031418
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031418
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
reference_id 2172204
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2172204
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
reference_id CVE-2023-24807
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24807
10
reference_url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
11
reference_url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
reference_id GHSA-r6ch-mqf9-qc9w
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:58:28Z/
url https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
12
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
13
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
14
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
15
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
16
reference_url https://access.redhat.com/errata/RHSA-2023:5533
reference_id RHSA-2023:5533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5533
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-24807, GHSA-r6ch-mqf9-qc9w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xutk-5udd-z7es
4
url VCID-zgxz-hu6u-bbb4
vulnerability_id VCID-zgxz-hu6u-bbb4
summary A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23918.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05851
published_at 2026-06-04T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05845
published_at 2026-06-09T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05873
published_at 2026-06-05T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05863
published_at 2026-06-06T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05865
published_at 2026-06-07T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.0582
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23918
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
reference_id 1031834
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031834
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
reference_id 2171935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2171935
5
reference_url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
reference_id february-2023-security-releases
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/
6
reference_url https://security.netapp.com/advisory/ntap-20230316-0008/
reference_id ntap-20230316-0008
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T17:47:16Z/
url https://security.netapp.com/advisory/ntap-20230316-0008/
7
reference_url https://access.redhat.com/errata/RHSA-2023:1533
reference_id RHSA-2023:1533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1533
8
reference_url https://access.redhat.com/errata/RHSA-2023:1582
reference_id RHSA-2023:1582
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1582
9
reference_url https://access.redhat.com/errata/RHSA-2023:1583
reference_id RHSA-2023:1583
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1583
10
reference_url https://access.redhat.com/errata/RHSA-2023:1742
reference_id RHSA-2023:1742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1742
11
reference_url https://access.redhat.com/errata/RHSA-2023:1743
reference_id RHSA-2023:1743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1743
12
reference_url https://access.redhat.com/errata/RHSA-2023:1744
reference_id RHSA-2023:1744
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1744
13
reference_url https://access.redhat.com/errata/RHSA-2023:2654
reference_id RHSA-2023:2654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2654
14
reference_url https://access.redhat.com/errata/RHSA-2023:2655
reference_id RHSA-2023:2655
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2655
fixed_packages
0
url pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
purl pkg:apk/alpine/nodejs@18.14.1-r0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main
aliases CVE-2023-23918
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgxz-hu6u-bbb4
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/nodejs@18.14.1-r0%3Farch=s390x&distroversion=v3.21&reponame=main