Bug 2172217 (CVE-2023-23920)
| Summary: | CVE-2023-23920 Node.js: insecure loading of ICU data through ICU_DATA environment variable | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Zack Miele <zmiele> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | amackenz, amasferr, chazlett, hhorak, jorton, mkudlej, nodejs-maint, tjochec, zsvetlik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Node.js 19.6.1, Node.js 18.14.1, Node.js 16.19.1, Node.js 14.21.3 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-09 20:50:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2172218, 2172219, 2172220, 2172221, 2172222, 2172223, 2172224, 2172225, 2172226, 2172227, 2172228, 2172229, 2172230, 2175845, 2175846, 2175847, 2175848, 2178184, 2178185, 2178186, 2180006, 2180007, 2180008, 2180009, 2180010, 2180011, 2180012 | ||
| Bug Blocks: | 2171920 | ||
|
Description
Zack Miele
2023-02-21 16:32:33 UTC
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 2172218] Affects: fedora-all [bug 2172220] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172221] Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-all [bug 2172219] Created nodejs:16/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172222] Created nodejs:18/nodejs tracking bugs for this issue: Affects: fedora-all [bug 2172223] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1533 https://access.redhat.com/errata/RHSA-2023:1533 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1582 https://access.redhat.com/errata/RHSA-2023:1582 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1583 https://access.redhat.com/errata/RHSA-2023:1583 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1742 https://access.redhat.com/errata/RHSA-2023:1742 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1743 https://access.redhat.com/errata/RHSA-2023:1743 This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:1744 https://access.redhat.com/errata/RHSA-2023:1744 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2654 https://access.redhat.com/errata/RHSA-2023:2654 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2655 https://access.redhat.com/errata/RHSA-2023:2655 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-23920 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:5533 https://access.redhat.com/errata/RHSA-2023:5533 |