SAP BTP Security Services Integration Library ([Node.js] @sap/xssec - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.

Affected Packages

npm @sap/xssec

Affected versions: 0 (fixed in 3.6.0)

Related CVEs

CVE-2023-49583

Key Information

GHSA ID

GHSA-p2vx-qj66-88q3

Published

December 12, 2023 3:31 AM

Last Modified

September 30, 2024 1:40 PM

CVSS Score

9.0 /10

Primary Ecosystem

npm

Primary Package

@sap/xssec

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.