pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
[
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "199950473125563575903334866839221358138",
"length": 903.0
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-132bb7e3",
"signature_type": "Function",
"target": {
"function": "str_replace",
"file": "src/pac_utils.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"154808652015268744971593116967829010890",
"105833940030283833487023490265399133589",
"120075223275449726021594820809415043228",
"102165924436592197096699860127655143779",
"82700882909482183051983452369462800027",
"330074991010469710767722070837304215124",
"220325174404216190613899197450481178402",
"97084374715902419691913316159513553224",
"294519256773238437796680632802606235813",
"110895397144468202426351148960431818429",
"207376547218109367715068179772974268747",
"235479204009830645614061575175675272705",
"5112962854821613949606332418840126251",
"272207552647667314317402051909165864999",
"335733812820882190494792609035626683809",
"175495831383776239050675518099659017740",
"53694012508533401767668683310993176648",
"40953319738216926173555598970498945959",
"304378315645483167690500165464078439808",
"106785533709245505314602446458799698145",
"176403631359646892228301150871582889629",
"116172732056437183121460177197623102720",
"177610994630790869443031425352983845810",
"295529357868149362607811334928471822029",
"44356417939780340517857262463782162294",
"23695004507319638972196851209154553144",
"333287266052681197208262940792211477698",
"47395292284234480785748111808885311365",
"11277166030252851784905607471136159605",
"206384174101450162053840085739484802708",
"329787106585976667698198747750613110605",
"33208505466606464358877069799628941040",
"210459878857646993136113225053142585065",
"300615924813485548263923922004490349040",
"270488322418683362152665081921185021906",
"125198345693476451142542858778454455881",
"2065713021470314128242121514763141159"
]
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-45922c16",
"signature_type": "Line",
"target": {
"file": "src/pac_utils.h"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"327548225291328856914110713719551325231",
"326264979680266577755217888882575403620",
"325619253487791450503213144521064966647",
"322461737877627182532226964663288979606",
"139085807647534230602556646606038955027",
"214018903876990130985063454258900332152",
"174196411777716809309804659010952674053",
"175973629195208611088669721819335457320",
"97577613352496948238204890650324569551",
"280191434523434549021364039096996039974",
"210505986340697790645411263680270035844",
"106496200097120462686251559805241603104",
"54366785608034846115064391508141649879",
"92070074491915505614297134501874438053",
"320447203755732607750871129306358224460",
"274136056839825531932990377542818707454",
"23228389880571358517880208298655605672",
"87593688720617547996546510751669057417",
"278138694419263891333155306992891355742",
"91620596755946374734754835850149498325",
"66019717115584378272242165793973255038",
"101444123813378639226489876331355491938",
"151482581025978983633173685597025591563",
"240708377154374431452298236635731222581",
"161481750482383801249923775532996214515",
"109365973752764779646914032309479215070",
"140478912071845129675048989797799358272",
"163035791475195730856261442104696221622",
"89431581891026140842951091482013917484",
"329154748136917546805845558560069896489"
]
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-8e6fa60b",
"signature_type": "Line",
"target": {
"file": "src/pacparser.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "285937350098340053443243034903428654569",
"length": 893.0
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-a024fc71",
"signature_type": "Function",
"target": {
"function": "main",
"file": "src/pac_utils_test.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "172415125491951499646796060772506024055",
"length": 571.0
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-a3b09e0b",
"signature_type": "Function",
"target": {
"function": "my_ip_ex",
"file": "src/pacparser.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"190317961977386775364708432721650855190",
"103167566526038438020397172120959611908",
"25498797394433841180400077121495950483",
"318276044801224052539036026084947597139",
"290447028034129597491320723859294584205",
"266049893050823970777421346655016088069",
"206531948892316208568229740643308727748",
"218394632035988367709862226188828417763",
"38246635238518951896794914742456944751",
"218472460215031256229836501000326186397",
"115581370803317286198078216920112854508",
"153269593597925546061068388930280433277",
"301698164208630276446469802088664479061",
"51674857888337738211970190196389250691",
"51840845279886102163423462539659243462",
"206560398620113982124750823463645062757"
]
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-bdacbed9",
"signature_type": "Line",
"target": {
"file": "src/pac_utils_test.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "247733174183598718463523859575930753921",
"length": 1819.0
},
"source": "https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e",
"id": "CVE-2023-37360-e2fb2314",
"signature_type": "Function",
"target": {
"function": "pacparser_find_proxy",
"file": "src/pacparser.c"
}
}
]