PYSEC-2023-93
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pacparser/PYSEC-2023-93.yaml
- JSON Data
- https://api.test.osv.dev/v1/vulns/PYSEC-2023-93
- Aliases
-
- CVE-2023-37360
- GHSA-62q6-v997-f7v9
- Published
- 2023-06-30T18:15:00Z
- Modified
- 2025-09-19T04:23:27.831358Z
- Summary
- [none]
- Details
-
pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).
- References
Affected packages
PyPI / pacparser
Package
- Name
- pacparser
- View open source insights on deps.dev
- Purl
- pkg:pypi/pacparser
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.2
Affected versions
1.*
1.3.7rc1
1.3.7rc5
1.3.7rc6
1.3.7
1.3.8.dev15
1.3.8.dev18
1.3.8.dev39
1.3.9.dev7
1.3.9.dev8
1.3.9
1.4.0.dev1
1.4.0.dev3
1.4.0
1.4.1.dev7
1.4.1.dev8
1.4.1.dev9
1.4.1.dev10
1.4.1.dev13
1.4.1.dev14
1.4.1.dev15
1.4.1.dev16
1.4.1
1.4.2.dev1
1.4.2.dev4
1.4.2.dev5
1.4.2.dev8
1.4.2.dev11
1.4.2.dev12
1.4.2.dev18
1.4.2.dev19
1.4.2.dev21
1.4.2.dev22