CVE-2023-42183

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Dec 28, 2023

CWE ID 116

Summary

CVE-2023-42183 is a vulnerability affecting the lockss-daemon, also known as the Classic LOCKSS Daemon, before version 1.77.3. This issue arises due to the daemon's failure to properly perform post-Unicode normalization, allowing potential bypass of intended access restrictions. Specifically, when the character U+1FEF (a reverse solidus) is present, it may be converted into a backtick, thereby circumventing intended restrictions. This could lead to unauthorized access or other security concerns. It is recommended that users upgrade to the latest version of the lockss-daemon to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Vendors

LOCKSS

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners