pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL passed to it (which may be realistic within enterprise security products).
{ "vanir_signatures": [ { "digest": { "length": 903.0, "function_hash": "199950473125563575903334866839221358138" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-132bb7e3", "target": { "function": "str_replace", "file": "src/pac_utils.h" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Function" }, { "digest": { "line_hashes": [ "154808652015268744971593116967829010890", "105833940030283833487023490265399133589", "120075223275449726021594820809415043228", "102165924436592197096699860127655143779", "82700882909482183051983452369462800027", "330074991010469710767722070837304215124", "220325174404216190613899197450481178402", "97084374715902419691913316159513553224", "294519256773238437796680632802606235813", "110895397144468202426351148960431818429", "207376547218109367715068179772974268747", "235479204009830645614061575175675272705", "5112962854821613949606332418840126251", "272207552647667314317402051909165864999", "335733812820882190494792609035626683809", "175495831383776239050675518099659017740", "53694012508533401767668683310993176648", "40953319738216926173555598970498945959", "304378315645483167690500165464078439808", "106785533709245505314602446458799698145", "176403631359646892228301150871582889629", "116172732056437183121460177197623102720", "177610994630790869443031425352983845810", "295529357868149362607811334928471822029", "44356417939780340517857262463782162294", "23695004507319638972196851209154553144", "333287266052681197208262940792211477698", "47395292284234480785748111808885311365", "11277166030252851784905607471136159605", "206384174101450162053840085739484802708", "329787106585976667698198747750613110605", "33208505466606464358877069799628941040", "210459878857646993136113225053142585065", "300615924813485548263923922004490349040", "270488322418683362152665081921185021906", "125198345693476451142542858778454455881", 
"2065713021470314128242121514763141159" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-45922c16", "target": { "file": "src/pac_utils.h" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Line" }, { "digest": { "line_hashes": [ "327548225291328856914110713719551325231", "326264979680266577755217888882575403620", "325619253487791450503213144521064966647", "322461737877627182532226964663288979606", "139085807647534230602556646606038955027", "214018903876990130985063454258900332152", "174196411777716809309804659010952674053", "175973629195208611088669721819335457320", "97577613352496948238204890650324569551", "280191434523434549021364039096996039974", "210505986340697790645411263680270035844", "106496200097120462686251559805241603104", "54366785608034846115064391508141649879", "92070074491915505614297134501874438053", "320447203755732607750871129306358224460", "274136056839825531932990377542818707454", "23228389880571358517880208298655605672", "87593688720617547996546510751669057417", "278138694419263891333155306992891355742", "91620596755946374734754835850149498325", "66019717115584378272242165793973255038", "101444123813378639226489876331355491938", "151482581025978983633173685597025591563", "240708377154374431452298236635731222581", "161481750482383801249923775532996214515", "109365973752764779646914032309479215070", "140478912071845129675048989797799358272", "163035791475195730856261442104696221622", "89431581891026140842951091482013917484", "329154748136917546805845558560069896489" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-8e6fa60b", "target": { "file": "src/pacparser.c" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Line" }, { "digest": { "length": 893.0, "function_hash": "285937350098340053443243034903428654569" }, 
"deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-a024fc71", "target": { "function": "main", "file": "src/pac_utils_test.c" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Function" }, { "digest": { "length": 571.0, "function_hash": "172415125491951499646796060772506024055" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-a3b09e0b", "target": { "function": "my_ip_ex", "file": "src/pacparser.c" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Function" }, { "digest": { "line_hashes": [ "190317961977386775364708432721650855190", "103167566526038438020397172120959611908", "25498797394433841180400077121495950483", "318276044801224052539036026084947597139", "290447028034129597491320723859294584205", "266049893050823970777421346655016088069", "206531948892316208568229740643308727748", "218394632035988367709862226188828417763", "38246635238518951896794914742456944751", "218472460215031256229836501000326186397", "115581370803317286198078216920112854508", "153269593597925546061068388930280433277", "301698164208630276446469802088664479061", "51674857888337738211970190196389250691", "51840845279886102163423462539659243462", "206560398620113982124750823463645062757" ], "threshold": 0.9 }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-bdacbed9", "target": { "file": "src/pac_utils_test.c" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", "signature_type": "Line" }, { "digest": { "length": 1819.0, "function_hash": "247733174183598718463523859575930753921" }, "deprecated": false, "signature_version": "v1", "id": "CVE-2023-37360-e2fb2314", "target": { "function": "pacparser_find_proxy", "file": "src/pacparser.c" }, "source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e", 
"signature_type": "Function" } ] }