High severityNVD Advisory· Published Sep 8, 2023· Updated Sep 26, 2024
CVE-2023-39584
CVE-2023-39584
Description
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hexonpm | < 7.2.0 | 7.2.0 |
Affected products
1Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-x2jc-989c-47q4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-39584ghsaADVISORY
- github.com/hexojs/hexo/blob/a3e68e7576d279db22bd7481914286104e867834/lib/plugins/tag/include_code.jsghsaWEB
- github.com/hexojs/hexo/blob/cefee921153ba597316457f4fedf7b87b6516917/lib/plugins/tag/include_code.tsghsaWEB
- github.com/hexojs/hexo/commit/b5b63caee27256d71a0cee8954c22375ec885d07ghsaWEB
- github.com/hexojs/hexo/issues/5250ghsaWEB
- github.com/hexojs/hexo/pull/5251ghsaWEB
- www.gem-love.com/2023/07/25/hexo%E5%8D%9A%E5%AE%A2%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E5%92%8C%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/mitre
News mentions
0No linked articles in our index yet.