Vulnerabilities > CVE-2023-25344

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

swig-templates-project

swig-project

critical

NVD

Published: 2023-03-15

Updated: 2024-11-21

Summary

An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.

Vulnerable Configurations

Part	Description	Count
Application	Swig-Templates_Project Swig Templates Project Swig Templates - Swig Templates Project Swig Templates 2.0.4	2
Application	Swig_Project Swig Project Swig - Swig Project Swig 1.4.2	2

References

https://github.com/node-swig/swig-templates/issues/89
https://github.com/node-swig/swig-templates/issues/89
https://www.gem-love.com/2023/02/01/Swig%E6%A8%A1%E6%9D%BF%E5%BC%95%E6%93%8E0day%E6%8C%96%E6%8E%98-%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E5%92%8C%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/
https://www.gem-love.com/2023/02/01/Swig%E6%A8%A1%E6%9D%BF%E5%BC%95%E6%93%8E0day%E6%8C%96%E6%8E%98-%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E5%92%8C%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96/

Vulnerabilities > CVE-2023-25344 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-25344"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-25344