CVE-2023-2583

10.0 CRITICAL

📋 TL;DR

CVE-2023-2583 is a critical code injection vulnerability in jsreport, a JavaScript-based reporting tool. It allows attackers to execute arbitrary code on affected servers by injecting malicious input. All users running jsreport versions prior to 3.11.3 are affected.

💻 Affected Systems

Products:
  • jsreport
Versions: All versions prior to 3.11.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all jsreport deployments regardless of configuration. The vulnerability is in the core code.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.

🟠 Likely Case

Remote code execution allowing attackers to steal sensitive data, manipulate reports, or use the server as a foothold for further attacks.

🟢 If Mitigated

Limited impact with proper input validation, sandboxing, and network segmentation preventing lateral movement.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in the linked references. The CVSS 10.0 score indicates trivial exploitation with maximum impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.11.3

Vendor Advisory: https://github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7

Restart Required: Yes

Instructions:

1. Update jsreport to version 3.11.3 or later using npm: npm update jsreport.
2. Restart the jsreport service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation to reject suspicious patterns in report templates and data.

Network Isolation (platform: all)

Place jsreport servers in isolated network segments with strict firewall rules limiting inbound/outbound connections.

🧯 If You Can't Patch

  • Immediately isolate affected systems from the internet and critical internal networks.
  • Implement application-level firewalls (WAF) with rules to block code injection patterns.

🔍 How to Verify

Check if Vulnerable:

Check the jsreport version in package.json or via npm list jsreport. If the version is below 3.11.3, the system is vulnerable.

Check Version:

npm list jsreport | grep jsreport

Verify Fix Applied:

Confirm the version is 3.11.3 or higher using npm list jsreport and test report generation with safe inputs.
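The version check above is easy to get wrong by hand (string comparison puts 3.11.10 before 3.11.3, and a 3.11.3 prerelease is still unpatched). The script below is an added example written for this page, not code from the advisory or from the jsreport project: it pulls the installed version out of `npm list jsreport` output, compares it numerically against the fixed release 3.11.3, and treats any prerelease of 3.11.3 as still vulnerable. The npm output it parses is constructed for illustration; on a real host, pipe the live command into `extract_version` instead.

```shell
#!/bin/sh
# Added example: decide whether an installed jsreport is affected by CVE-2023-2583.
# Fixed release taken from the advisory above.
FIXED_VERSION="3.11.3"

# version_lt A B -> returns 0 when dotted version A is numerically lower than B.
# Components are compared as integers, so 3.11.10 is correctly greater than 3.11.3.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      ai = (i <= n) ? x[i] + 0 : 0
      bi = (i <= m) ? y[i] + 0 : 0
      if (ai < bi) exit 0
      if (ai > bi) exit 1
    }
    exit 1
  }'
}

# jsreport_vulnerable VERSION -> prints a verdict; returns 0 if the version is affected.
# A leading "v" is ignored; a prerelease tag (e.g. 3.11.3-beta.1) is treated as below
# the final release, so it still counts as vulnerable.
jsreport_vulnerable() {
  [ -n "$1" ] || { echo "no version given" >&2; return 2; }
  base=${1#v}
  base=${base%%-*}
  if version_lt "$base" "$FIXED_VERSION"; then
    echo "jsreport $1: VULNERABLE (fixed in $FIXED_VERSION)"
    return 0
  fi
  case "$1" in
    *-*) if [ "$base" = "$FIXED_VERSION" ]; then
           echo "jsreport $1: VULNERABLE (prerelease of $FIXED_VERSION)"
           return 0
         fi ;;
  esac
  echo "jsreport $1: not vulnerable"
  return 1
}

# extract_version reads `npm list jsreport` output on stdin and prints the first
# "jsreport@X.Y.Z" version it finds (prerelease suffix included).
extract_version() {
  sed -n 's/.*jsreport@\([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Constructed sample output, in the shape npm prints it (not captured from a real host).
SAMPLE_NPM_OUTPUT='my-app@1.0.0 /srv/my-app
└── jsreport@3.11.2'

ver=$(printf '%s\n' "$SAMPLE_NPM_OUTPUT" | extract_version)
if jsreport_vulnerable "$ver"; then
  echo "-> upgrade to $FIXED_VERSION or later and restart the service"
else
  echo "-> no action required for this CVE"
fi
```

On a live system, replace the sample with `npm list jsreport | extract_version`. Note that `npm update` only moves within the version range declared in package.json, so if that range excludes 3.11.3 the check will still report the old version after the update step; edit the range and reinstall in that case.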

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from jsreport context
  • Errors containing suspicious code patterns in report requests
  • Unexpected network connections from jsreport server

Network Indicators:

  • Outbound connections to unusual IPs/ports from jsreport server
  • Large data exfiltration from jsreport host

SIEM Query:

source="jsreport" AND (process_execution OR error_message="*eval*" OR error_message="*require*" OR error_message="*Function*")
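The SIEM query above is written for a log platform; the script below is an added example for this page (not from the advisory or the jsreport project) that applies the same indicators to plain log files, so the check can run on a host without a SIEM. It flags error lines mentioning eval, require or Function and lines recording child-process execution, labels each hit with the indicator that fired, and exposes a hit count usable as an alert threshold. The log format and all sample lines are constructed for illustration; adjust the field position of the level token to match the actual jsreport log layout.

```shell
#!/bin/sh
# Added example: apply the advisory's log indicators to a plain text log.
# Constructed sample log (format: timestamp level message); not from a real host.
SAMPLE_LOG='2023-05-08T10:12:01Z info  rendering request template=invoice
2023-05-08T10:12:02Z error script error: ReferenceError: require is not defined
2023-05-08T10:12:05Z info  rendering finished 312ms
2023-05-08T10:13:40Z error template compile failed: unexpected token in eval("...")
2023-05-08T10:14:00Z warn  spawned child process: /bin/sh (pid 4412)
2023-05-08T10:15:12Z info  rendering request template=summary'

# scan_jsreport_log reads log lines on stdin and prints each matching line,
# prefixed with the indicator name. The level token is assumed to be field 2.
scan_jsreport_log() {
  awk '
    $2 == "error" && /eval/     { print "[eval-in-error] " $0; next }
    $2 == "error" && /require/  { print "[require-in-error] " $0; next }
    $2 == "error" && /Function/ { print "[Function-in-error] " $0; next }
    /spawn/ && /process/        { print "[process-execution] " $0; next }
  '
}

# count_hits reads log lines on stdin and prints the number of flagged lines.
count_hits() {
  scan_jsreport_log | wc -l | tr -d ' '
}

# Run over the sample: print hits, then summarize.
printf '%s\n' "$SAMPLE_LOG" | scan_jsreport_log
hits=$(printf '%s\n' "$SAMPLE_LOG" | count_hits)
echo "flagged lines: $hits"
```

Usage against a real file is `scan_jsreport_log < /path/to/jsreport.log`; a non-zero `count_hits` result on a server that is not yet on 3.11.3 is a reasonable trigger for the isolation steps listed under "If You Can't Patch".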

🔗 References
