CVE-2023-45849

Summary

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

Affected Software

VendorProductVersion RangeStatus
HelixHelix Core0.0.0 < 2023.2affected
HelixHelix Core0.0.0 < 2023.1 Patch 2affected
HelixHelix Core0.0.0 < 2022.2 Patch 3affected
HelixHelix Core0.0.0 < 2022.1 Patch 6affected
HelixHelix Core0.0.0 < 2021.2 Patch 10affected

Weaknesses

  • CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CVE Program Container

Additional References

References