search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2023-44487 - b600cbaf #4233

Closed witchcraze closed 7 months ago

witchcraze commented 7 months ago

[CVE Configuration Update Request] Update Suggestion - CVE-2023-44487 - Cvss3 : 7.5

https://github.com/witchcraze/NVD_CHECK/blob/main/Nodejs/CVE-2023-44487.json

- CVE-2023-44487
- Suggested Configuration
  - OR
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 18.0.0 up to (excluding) 18.18.2
     *cpe:2.3:cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* versions from (including) 20.0.0 up to (excluding) 20.8.1
- Reference
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md
  - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md
  - https://github.com/nodejs/security-wg/blob/main/vuln/core/126.json
- I Checked
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2023-44487 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:redhat:enterprise_linux:9.0
cpe:/o:redhat:enterprise_linux:8.0
cpe:/o:redhat:enterprise_linux:6.0
cpe:/o:microsoft:windows_server_2022:-
cpe:/o:microsoft:windows_server_2019:-
cpe:/o:microsoft:windows_server_2016:-
cpe:/o:microsoft:windows_11_22h2 10.0.22621.2428
cpe:/o:microsoft:windows_11_21h2 10.0.22000.2538
cpe:/o:microsoft:windows_10_22h2 10.0.19045.3570
cpe:/o:microsoft:windows_10_21h2 10.0.19044.3570
cpe:/o:microsoft:windows_10_1809 10.0.17763.4974
cpe:/o:microsoft:windows_10_1607:::~~~~x86~ 10.0.14393.6351
cpe:/o:microsoft:windows_10_1607:::~~~~x64~ 10.0.14393.6351
cpe:/o:fedoraproject:fedora:38
cpe:/o:fedoraproject:fedora:37
cpe:/o:debian:debian_linux:12.0
cpe:/o:debian:debian_linux:11.0
cpe:/o:debian:debian_linux:10.0
cpe:/o:cisco:secure_web_appliance_firmware 15.1.0
cpe:/o:cisco:nx-os 10.2(7)
cpe:/o:cisco:nx-os 10.2(7)
cpe:/o:cisco:nx-os 10.3(1) 10.3(5)
cpe:/o:cisco:nx-os 10.3(1) 10.3(5)
cpe:/o:cisco:ios_xr 7.11.2
cpe:/o:cisco:ios_xe 17.15.1
cpe:/o:cisco:fog_director 1.22
cpe:/a:varnish_cache_project:varnish_cache 2023-10-10
cpe:/a:traefik:traefik:3.0.0:beta3
cpe:/a:traefik:traefik:3.0.0:beta2
cpe:/a:traefik:traefik:3.0.0:beta1
cpe:/a:traefik:traefik 2.10.5
cpe:/a:redhat:web_terminal:-
cpe:/a:redhat:support_for_spring_boot:-
cpe:/a:redhat:single_sign-on:7.0
cpe:/a:redhat:service_telemetry_framework:1.5
cpe:/a:redhat:service_interconnect:1.0
cpe:/a:redhat:self_node_remediation_operator:-
cpe:/a:redhat:satellite:6.0
cpe:/a:redhat:run_once_duration_override_operator:-
cpe:/a:redhat:quay:3.0.0
cpe:/a:redhat:process_automation:7.0
cpe:/a:redhat:openstack_platform:17.1
cpe:/a:redhat:openstack_platform:16.2
cpe:/a:redhat:openstack_platform:16.1
cpe:/a:redhat:openshift_virtualization:4
cpe:/a:redhat:openshift_service_mesh:2.0
cpe:/a:redhat:openshift_serverless:-
cpe:/a:redhat:openshift_secondary_scheduler_operator:-
cpe:/a:redhat:openshift_sandboxed_containers:-
cpe:/a:redhat:openshift_pipelines:-
cpe:/a:redhat:openshift_gitops:-
cpe:/a:redhat:openshift_distributed_tracing:-
cpe:/a:redhat:openshift_developer_tools_and_services:-
cpe:/a:redhat:openshift_dev_spaces:-
cpe:/a:redhat:openshift_data_science:-
cpe:/a:redhat:openshift_container_platform_assisted_installer:-
cpe:/a:redhat:openshift_container_platform:4.0
cpe:/a:redhat:openshift_api_for_data_protection:-
cpe:/a:redhat:openshift:-::~aws
cpe:/a:redhat:node_maintenance_operator:-
cpe:/a:redhat:node_healthcheck_operator:-
cpe:/a:redhat:network_observability_operator:-
cpe:/a:redhat:migration_toolkit_for_virtualization:-
cpe:/a:redhat:migration_toolkit_for_containers:-
cpe:/a:redhat:migration_toolkit_for_applications:6.0
cpe:/a:redhat:machine_deletion_remediation_operator:-
cpe:/a:redhat:logging_subsystem_for_red_hat_openshift:-
cpe:/a:redhat:jboss_fuse:7.0.0
cpe:/a:redhat:jboss_fuse:6.0.0
cpe:/a:redhat:jboss_enterprise_application_platform:7.0.0
cpe:/a:redhat:jboss_enterprise_application_platform:6.0.0
cpe:/a:redhat:jboss_data_grid:7.0.0
cpe:/a:redhat:jboss_core_services:-
cpe:/a:redhat:jboss_a-mq_streams:-
cpe:/a:redhat:jboss_a-mq:7
cpe:/a:redhat:integration_service_registry:-
cpe:/a:redhat:integration_camel_k:-
cpe:/a:redhat:integration_camel_for_spring_boot:-
cpe:/a:redhat:fence_agents_remediation_operator:-
cpe:/a:redhat:decision_manager:7.0
cpe:/a:redhat:cryostat:2.0
cpe:/a:redhat:cost_management:-
cpe:/a:redhat:certification_for_red_hat_enterprise_linux:9.0
cpe:/a:redhat:certification_for_red_hat_enterprise_linux:8.0
cpe:/a:redhat:cert-manager_operator_for_red_hat_openshift:-
cpe:/a:redhat:ceph_storage:5.0
cpe:/a:redhat:build_of_quarkus:-
cpe:/a:redhat:build_of_optaplanner:8.0
cpe:/a:redhat:ansible_automation_platform:2.0
cpe:/a:redhat:advanced_cluster_security:4.0
cpe:/a:redhat:advanced_cluster_security:3.0
cpe:/a:redhat:advanced_cluster_management_for_kubernetes:2.0
cpe:/a:redhat:3scale_api_management_platform:2.0
cpe:/a:projectcontour:contour:::~kubernetes 2023-10-11
cpe:/a:openresty:openresty 1.21.4.3
cpe:/a:nodejs:node.js:::lts~ 18.0.0 18.18.2
cpe:/a:nodejs:node.js 20.0.0 20.8.1
cpe:/a:nghttp2:nghttp2 1.57.0
cpe:/a:netty:netty 4.1.100
cpe:/a:netapp:astra_control_center:-
cpe:/a:microsoft:visual_studio_2022 17.0 17.2.20
cpe:/a:microsoft:visual_studio_2022 17.4 17.4.12
cpe:/a:microsoft:visual_studio_2022 17.6 17.6.8
cpe:/a:microsoft:visual_studio_2022 17.7 17.7.5
cpe:/a:microsoft:cbl-mariner 2023-10-11
cpe:/a:microsoft:azure_kubernetes_service 2023-10-08
cpe:/a:microsoft:asp.net_core 6.0.0 6.0.23
cpe:/a:microsoft:asp.net_core 7.0.0 7.0.12
cpe:/a:microsoft:.net 6.0.0 6.0.23
cpe:/a:microsoft:.net 7.0.0 7.0.12
cpe:/a:linkerd:linkerd:::stable~kubernetes 2.12.0 2.12.5
cpe:/a:linkerd:linkerd:2.14.1::stable~kubernetes
cpe:/a:linkerd:linkerd:2.14.0::stable~kubernetes
cpe:/a:linkerd:linkerd:2.13.1::stable~kubernetes
cpe:/a:linkerd:linkerd:2.13.0::stable~kubernetes
cpe:/a:linecorp:armeria 1.26.0
cpe:/a:konghq:kong_gateway:::enterprise~ 3.4.2
cpe:/a:kazu-yamamoto:http2 4.2.2
cpe:/a:jenkins:jenkins:::lts~ 2.414.2
cpe:/a:jenkins:jenkins:::-~ 2.427
cpe:/a:istio:istio 1.17.6
cpe:/a:istio:istio 1.18.0 1.18.3
cpe:/a:istio:istio 1.19.0 1.19.1
cpe:/a:ietf:http:2.0
cpe:/a:grpc:grpc:::~go 1.56.3
cpe:/a:grpc:grpc:::~go 1.58.0 1.58.3
cpe:/a:grpc:grpc:::~- 1.59.2
cpe:/a:grpc:grpc:1.57.0:-:~go
cpe:/a:golang:networking:::~go 0.17.0
cpe:/a:golang:http2:::~go 0.17.0
cpe:/a:golang:go 1.20.10
cpe:/a:golang:go 1.21.0 1.21.3
cpe:/a:facebook:proxygen 2023.10.16.00
cpe:/a:f5:nginx_plus:r30:-
cpe:/a:f5:nginx_plus:r29:-
cpe:/a:f5:nginx_plus r25 r29
cpe:/a:f5:nginx_ingress_controller 2.0.0 2.4.2
cpe:/a:f5:nginx_ingress_controller 3.0.0 3.3.0
cpe:/a:f5:nginx 1.9.5 1.25.2
cpe:/a:f5:big-ip_websafe:17.1.0
cpe:/a:f5:big-ip_websafe 13.1.0 13.1.5
cpe:/a:f5:big-ip_websafe 14.1.0 14.1.5
cpe:/a:f5:big-ip_websafe 15.1.0 15.1.10
cpe:/a:f5:big-ip_websafe 16.1.0 16.1.4
cpe:/a:f5:big-ip_webaccelerator:17.1.0
cpe:/a:f5:big-ip_webaccelerator 13.1.0 13.1.5
cpe:/a:f5:big-ip_webaccelerator 14.1.0 14.1.5
cpe:/a:f5:big-ip_webaccelerator 15.1.0 15.1.10
cpe:/a:f5:big-ip_webaccelerator 16.1.0 16.1.4
cpe:/a:f5:big-ip_ssl_orchestrator:17.1.0
cpe:/a:f5:big-ip_ssl_orchestrator 13.1.0 13.1.5
cpe:/a:f5:big-ip_ssl_orchestrator 14.1.0 14.1.5
cpe:/a:f5:big-ip_ssl_orchestrator 15.1.0 15.1.10
cpe:/a:f5:big-ip_ssl_orchestrator 16.1.0 16.1.4
cpe:/a:f5:big-ip_policy_enforcement_manager:17.1.0
cpe:/a:f5:big-ip_policy_enforcement_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_policy_enforcement_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_policy_enforcement_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_policy_enforcement_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_next_service_proxy_for_kubernetes 1.5.0 1.8.2
cpe:/a:f5:big-ip_next:20.0.1
cpe:/a:f5:big-ip_local_traffic_manager:17.1.0
cpe:/a:f5:big-ip_local_traffic_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_local_traffic_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_local_traffic_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_local_traffic_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_link_controller:17.1.0
cpe:/a:f5:big-ip_link_controller 13.1.0 13.1.5
cpe:/a:f5:big-ip_link_controller 14.1.0 14.1.5
cpe:/a:f5:big-ip_link_controller 15.1.0 15.1.10
cpe:/a:f5:big-ip_link_controller 16.1.0 16.1.4
cpe:/a:f5:big-ip_global_traffic_manager:17.1.0
cpe:/a:f5:big-ip_global_traffic_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_global_traffic_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_global_traffic_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_global_traffic_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_fraud_protection_service:17.1.0
cpe:/a:f5:big-ip_fraud_protection_service 13.1.0 13.1.5
cpe:/a:f5:big-ip_fraud_protection_service 14.1.0 14.1.5
cpe:/a:f5:big-ip_fraud_protection_service 15.1.0 15.1.10
cpe:/a:f5:big-ip_fraud_protection_service 16.1.0 16.1.4
cpe:/a:f5:big-ip_domain_name_system:17.1.0
cpe:/a:f5:big-ip_domain_name_system 13.1.0 13.1.5
cpe:/a:f5:big-ip_domain_name_system 14.1.0 14.1.5
cpe:/a:f5:big-ip_domain_name_system 15.1.0 15.1.10
cpe:/a:f5:big-ip_domain_name_system 16.1.0 16.1.4
cpe:/a:f5:big-ip_ddos_hybrid_defender:17.1.0
cpe:/a:f5:big-ip_ddos_hybrid_defender 13.1.0 13.1.5
cpe:/a:f5:big-ip_ddos_hybrid_defender 14.1.0 14.1.5
cpe:/a:f5:big-ip_ddos_hybrid_defender 15.1.0 15.1.10
cpe:/a:f5:big-ip_ddos_hybrid_defender 16.1.0 16.1.4
cpe:/a:f5:big-ip_carrier-grade_nat:17.1.0
cpe:/a:f5:big-ip_carrier-grade_nat 13.1.0 13.1.5
cpe:/a:f5:big-ip_carrier-grade_nat 14.1.0 14.1.5
cpe:/a:f5:big-ip_carrier-grade_nat 15.1.0 15.1.10
cpe:/a:f5:big-ip_carrier-grade_nat 16.1.0 16.1.4
cpe:/a:f5:big-ip_application_visibility_and_reporting:17.1.0
cpe:/a:f5:big-ip_application_visibility_and_reporting 13.1.0 13.1.5
cpe:/a:f5:big-ip_application_visibility_and_reporting 14.1.0 14.1.5
cpe:/a:f5:big-ip_application_visibility_and_reporting 15.1.0 15.1.10
cpe:/a:f5:big-ip_application_visibility_and_reporting 16.1.0 16.1.4
cpe:/a:f5:big-ip_application_security_manager:17.1.0
cpe:/a:f5:big-ip_application_security_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_application_security_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_application_security_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_application_security_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_application_acceleration_manager:17.1.0
cpe:/a:f5:big-ip_application_acceleration_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_application_acceleration_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_application_acceleration_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_application_acceleration_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_analytics:17.1.0
cpe:/a:f5:big-ip_analytics 13.1.0 13.1.5
cpe:/a:f5:big-ip_analytics 14.1.0 14.1.5
cpe:/a:f5:big-ip_analytics 15.1.0 15.1.10
cpe:/a:f5:big-ip_analytics 16.1.0 16.1.4
cpe:/a:f5:big-ip_advanced_web_application_firewall:17.1.0
cpe:/a:f5:big-ip_advanced_web_application_firewall 13.1.0 13.1.5
cpe:/a:f5:big-ip_advanced_web_application_firewall 14.1.0 14.1.5
cpe:/a:f5:big-ip_advanced_web_application_firewall 15.1.0 15.1.10
cpe:/a:f5:big-ip_advanced_web_application_firewall 16.1.0 16.1.4
cpe:/a:f5:big-ip_advanced_firewall_manager:17.1.0
cpe:/a:f5:big-ip_advanced_firewall_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_advanced_firewall_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_advanced_firewall_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_advanced_firewall_manager 16.1.0 16.1.4
cpe:/a:f5:big-ip_access_policy_manager:17.1.0
cpe:/a:f5:big-ip_access_policy_manager 13.1.0 13.1.5
cpe:/a:f5:big-ip_access_policy_manager 14.1.0 14.1.5
cpe:/a:f5:big-ip_access_policy_manager 15.1.0 15.1.10
cpe:/a:f5:big-ip_access_policy_manager 16.1.0 16.1.4
cpe:/a:envoyproxy:envoy:1.27.0
cpe:/a:envoyproxy:envoy:1.26.4
cpe:/a:envoyproxy:envoy:1.25.9
cpe:/a:envoyproxy:envoy:1.24.10
cpe:/a:eclipse:jetty 9.4.53
cpe:/a:eclipse:jetty 10.0.0 10.0.17
cpe:/a:eclipse:jetty 11.0.0 11.0.17
cpe:/a:eclipse:jetty 12.0.0 12.0.2
cpe:/a:dena:h2o 2023-10-10
cpe:/a:cisco:unified_contact_center_management_portal:-
cpe:/a:cisco:unified_contact_centerenterprise-_live_data_server 12.6.2
cpe:/a:cisco:unified_contact_center_enterprise:-
cpe:/a:cisco:unified_contact_center_domain_manager:-
cpe:/a:cisco:unified_attendant_console_advanced:-
cpe:/a:cisco:ultra_cloudcore-_session_management_function 2024.02.0
cpe:/a:cisco:ultra_cloudcore-_serving_gateway_function 2024.02.0
cpe:/a:cisco:ultra_cloudcore-_policy_control_function:2024.01.0
cpe:/a:cisco:ultra_cloudcore-_policy_control_function 2024.01.0
cpe:/a:cisco:telepresence_video_communication_server x14.3.3
cpe:/a:cisco:secure_malware_analytics 2.19.2
cpe:/a:cisco:secure_dynamic_attributes_connector 2.2.0
cpe:/a:cisco:prime_network_registrar 11.2
cpe:/a:cisco:prime_infrastructure 3.10.4
cpe:/a:cisco:prime_cable_provisioning 7.2.1
cpe:/a:cisco:prime_access_registrar 9.3.3
cpe:/a:cisco:iot_field_network_director 4.11.0
cpe:/a:cisco:firepower_threat_defense 7.4.2
cpe:/a:cisco:expressway x14.3.3
cpe:/a:cisco:enterprise_chat_and_email:-
cpe:/a:cisco:data_center_network_manager:-
cpe:/a:cisco:crosswork_zero_touch_provisioning 6.0.0
cpe:/a:cisco:crosswork_data_gateway:5.0
cpe:/a:cisco:crosswork_data_gateway 4.1.3
cpe:/a:cisco:connected_mobile_experiences 11.1
cpe:/a:caddyserver:caddy 2.7.5
cpe:/a:apple:swiftnio_http%2f2:::~swift 1.28.0
cpe:/a:apache:traffic_server 8.0.0 8.1.9
cpe:/a:apache:traffic_server 9.0.0 9.2.3
cpe:/a:apache:tomcat:11.0.0:milestone9
cpe:/a:apache:tomcat:11.0.0:milestone8
cpe:/a:apache:tomcat:11.0.0:milestone7
cpe:/a:apache:tomcat:11.0.0:milestone6
cpe:/a:apache:tomcat:11.0.0:milestone5
cpe:/a:apache:tomcat:11.0.0:milestone4
cpe:/a:apache:tomcat:11.0.0:milestone3
cpe:/a:apache:tomcat:11.0.0:milestone2
cpe:/a:apache:tomcat:11.0.0:milestone11
cpe:/a:apache:tomcat:11.0.0:milestone10
cpe:/a:apache:tomcat:11.0.0:milestone1
cpe:/a:apache:tomcat 10.1.0 10.1.13
cpe:/a:apache:tomcat 8.5.0 8.5.93
cpe:/a:apache:tomcat 9.0.0 9.0.80
cpe:/a:apache:solr 9.4.0
cpe:/a:apache:apisix 3.6.1
cpe:/a:amazon:opensearch_data_prepper 2.5.0
cpe:/a:akka:http_server 10.5.3
witchcraze commented 7 months ago

ok