CVE-2023-45284
Incorrect detection of reserved device names on Windows in path/filepath
CVSS 3.1: 5.3 MEDIUM
EPSS 0.03%
Description
On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and the reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With the fix, IsLocal now correctly reports these names as non-local.
How to fix CVE-2023-45284
To remediate CVE-2023-45284, upgrade the affected package to a fixed version below.
- —upgrade to 1.20.11 or later
- —no fix listed
- —no fix listed
- —upgrade to 1.20.11 or later
Is CVE-2023-45284 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.20.11, >= 1.21.0-0, < 1.21.4
- from 0
- from 0
- from 0, < 1.20.11, >= 1.21.0-0, < 1.21.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |