Vulnerability Description
SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ss-Proj | Shirasagi | < 1.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334Product
- https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9rExploitMitigationVendor Advisory
- https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checksExploitThird Party Advisory
- https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334Product
- https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9rExploitMitigationVendor Advisory
- https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checksExploitThird Party Advisory
FAQ
What is CVE-2023-41889?
CVE-2023-41889 is a vulnerability with a CVSS score of 5.3 (MEDIUM). SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performe...
How severe is CVE-2023-41889?
CVE-2023-41889 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41889?
Check the references section above for vendor advisories and patch information. Affected products include: Ss-Proj Shirasagi.