Search for vulnerabilities
Vulnerability details: VCID-scer-be6w-aaas
Vulnerability ID VCID-scer-be6w-aaas
Aliases CVE-2024-23280
Summary An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23280.json
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.00424 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.02778 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
epss 0.03579 https://api.first.org/data/v1/epss?cve=CVE-2024-23280
cvssv3.1 5.9 http://seclists.org/fulldisclosure/2024/Mar/21
generic_textual MODERATE http://seclists.org/fulldisclosure/2024/Mar/21
cvssv3.1 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-23280
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2024-23280
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23280.json
https://api.first.org/data/v1/epss?cve=CVE-2024-23280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23254
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54658
http://seclists.org/fulldisclosure/2024/Mar/20
http://seclists.org/fulldisclosure/2024/Mar/21
http://seclists.org/fulldisclosure/2024/Mar/24
http://seclists.org/fulldisclosure/2024/Mar/25
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/
https://support.apple.com/en-us/HT214081
https://support.apple.com/en-us/HT214084
https://support.apple.com/en-us/HT214086
https://support.apple.com/en-us/HT214088
https://support.apple.com/en-us/HT214089
http://www.openwall.com/lists/oss-security/2024/03/26/1
2270291 https://bugzilla.redhat.com/show_bug.cgi?id=2270291
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-23280 https://nvd.nist.gov/vuln/detail/CVE-2024-23280
GLSA-202407-13 https://security.gentoo.org/glsa/202407-13
RHSA-2024:10481 https://access.redhat.com/errata/RHSA-2024:10481
RHSA-2024:8180 https://access.redhat.com/errata/RHSA-2024:8180
USN-6732-1 https://usn.ubuntu.com/6732-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23280.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Mar/21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23280
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-23280
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.18115
EPSS Score 0.00046
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-04-23T17:18:35.451933+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-23280 34.0.0rc4