CVE-2023-26154
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
pubnub Insufficient Entropy vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | com.pubnub:pubnub-kotlin | <7.7.0 | 7.7.0 |
| Maven | com.pubnub:pubnub | <=4.6.5 | |
| Go | github.com/pubnub/go/v7 | <7.2.0 | 7.2.0 |
| Go | github.com/pubnub/go | <0.0.0-20231016150651-428517fef5b9 | 0.0.0-20231016150651-428517fef5b9 |
| crates.io | pubnub | <0.4.0 | 0.4.0 |
| Packagist | pubnub/pubnub | <6.1.0 | 6.1.0 |
| Pub | pubnub | <4.3.0 | 4.3.0 |
| Go | github.com/pubnub/go/v6 | <6.1.1-0.20231016150651-428517fef5b9 | 6.1.1-0.20231016150651-428517fef5b9 |
| Go | github.com/pubnub/go/v5 | <5.0.4-0.20231016150651-428517fef5b9 | 5.0.4-0.20231016150651-428517fef5b9 |
| NuGet | Pubnub | <6.19.0 | 6.19.0 |
| SwiftURL | github.com/pubnub/swift | <6.2.0 | 6.2.0 |
| RubyGems | pubnub | <5.3.0 | 5.3.0 |
| npm | pubnub | <7.4.0 | 7.4.0 |
| PyPI | pubnub | <7.3.0 | 7.3.0 |
References
- https://github.com/advisories/GHSA-5844-q3fc-56rh
- https://nvd.nist.gov/vuln/detail/CVE-2023-26154
- https://github.com/pubnub/go/commit/428517fef5b901db7275d9f5a75eda89a4c28e08
- https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
- https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
- https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
- https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
- https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
- https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
- https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
- https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
- https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
- https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
- https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
- https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
- https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/pubnub/CVE-2023-26154.yml
- https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js#L70
- https://github.com/pubnub/javascript
- https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0