CVE-2023-40397 - OpenCVE

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Webkitgtk	Webkitgtk
Wpewebkit	Wpe Webkit
Apple	Macos

Configuration 1 [-]

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:webkitgtk:webkitgtk::::::::
	cpe:2.3:a:wpewebkit:wpe_webkit::::::::

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/09/11/1	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202401-04
https://support.apple.com/en-us/HT213843	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2023-09-06T20:48:06.383Z

Updated: 2023-09-06T20:48:06.383Z

Reserved: 2023-08-14T20:26:36.254Z

Link: CVE-2023-40397

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-06T21:15:13.850

Modified: 2024-01-05T14:15:47.920

Link: CVE-2023-40397

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171", "versionEndExcluding": "13.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8323D399-B803-4CE3-ABB4-DB6972FB22AC", "versionEndExcluding": "2.40.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "53249158-E300-4F0D-A16D-9C19701E2E05", "versionEndExcluding": "2.40.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Ventura 13.5. Un atacante remoto puede ser capaz de provocar la ejecuci\u00f3n arbitraria de c\u00f3digo javascript."}], "id": "CVE-2023-40397", "lastModified": "2024-01-05T14:15:47.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-06T21:15:13.850", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"}, {"source": "product-security@apple.com", "url": "https://security.gentoo.org/glsa/202401-04"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213843"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}