CVE-2023-42183

Published December 15th, 2023

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

lockss/lockss-daemon

Classic LOCKSS System (LOCKSS 1.x)

GitHub