CVE-2023-42183

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/12/2023
Last modified:
08/10/2024

Description

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:lockss:classic_lockss_daemon:*:*:*:*:*:*:*:* 1.77.3 (excluding)