CVE-2023-45311 — CRITICAL (9.8)

Q: How severe is CVE-2023-45311?

CVE-2023-45311 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-45311?

Check the references section above for vendor advisories and patch information. Affected products include: Fsevents Project Fsevents.

Vulnerability Description

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. NOTE: some sources feel that this means that no version is affected any longer, because the URL is not controlled by an adversary.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fsevents Project	Fsevents	< 1.2.11

Related Weaknesses (CWE)

CWE-94

References

https://github.com/atlassian/moo/blob/56ccbdd41b493332bc2cd7a4097a5802594cdb9c/pExploitVendor Advisory
https://github.com/atlassian/react-immutable-proptypes/blob/ddb9fa5194b931bf7528ExploitVendor Advisory
https://github.com/cloudflare/authr/blob/3f6129d97d06e61033a7f237d84e35e678db490ExploitVendor Advisory
https://github.com/cloudflare/hugo-cloudflare-docs/blob/e0f7cfa195af8ef1bfa51a48ExploitVendor Advisory
https://github.com/cloudflare/redux-grim/blob/b652f99f95fb16812336073951adc5c5a9ExploitVendor Advisory
https://github.com/cloudflare/serverless-cloudflare-workers/blob/e95e1e9c9770ed9ExploitVendor Advisory
https://github.com/fsevents/fsevents/compare/v1.2.10...v1.2.11PatchVendor Advisory
https://security.snyk.io/vuln/SNYK-JS-FSEVENTS-5487987
https://github.com/atlassian/moo/blob/56ccbdd41b493332bc2cd7a4097a5802594cdb9c/pExploitVendor Advisory
https://github.com/atlassian/react-immutable-proptypes/blob/ddb9fa5194b931bf7528ExploitVendor Advisory
https://github.com/cloudflare/authr/blob/3f6129d97d06e61033a7f237d84e35e678db490ExploitVendor Advisory
https://github.com/cloudflare/hugo-cloudflare-docs/blob/e0f7cfa195af8ef1bfa51a48ExploitVendor Advisory
https://github.com/cloudflare/redux-grim/blob/b652f99f95fb16812336073951adc5c5a9ExploitVendor Advisory
https://github.com/cloudflare/serverless-cloudflare-workers/blob/e95e1e9c9770ed9ExploitVendor Advisory
https://github.com/fsevents/fsevents/compare/v1.2.10...v1.2.11PatchVendor Advisory

FAQ

What is CVE-2023-45311?

CVE-2023-45311 is a vulnerability with a CVSS score of 9.8 (CRITICAL). fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsev...

How severe is CVE-2023-45311?

CVE-2023-45311 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-45311?

Check the references section above for vendor advisories and patch information. Affected products include: Fsevents Project Fsevents.