Unicode Normalization Bypass in lockss-daemon (Classic LOCKSS Daemon) before 1.77.3

Unicode Normalization Bypass in lockss-daemon (Classic LOCKSS Daemon) before 1.77.3

CVE-2023-42183 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.

Learn more about our Web Application Penetration Testing UK.