ByteOS Network

NVD Vulnerability Details :

CVE-2023-49210

Modified

Source-cve@mitre.org

Published At-23 Nov, 2023 | 20:15

Updated At-02 Aug, 2024 | 22:16

The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

node-openssl_project>>node-openssl>>Versions up to 2.0.0(inclusive)

cpe:2.3:a:node-openssl_project:node-openssl:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Primary	nvd@nist.gov

CWE ID: CWE-77

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e	cve@mitre.org	Exploit Third Party Advisory
https://github.com/ossf/malicious-packages/tree/main/malicious/npm	cve@mitre.org	Patch
https://www.npmjs.com/package/openssl	cve@mitre.org	Product

Hyperlink: https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://github.com/ossf/malicious-packages/tree/main/malicious/npm

Source: cve@mitre.org

Resource:

Patch

Hyperlink: https://www.npmjs.com/package/openssl

Source: cve@mitre.org

Resource:

Product

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History