CVE-2023-40397
Published: 2023-09-06
Priority: P348 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.36% (68.2th percentile)
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.6_and_ipados | — | — |
| apple | macos | < 13.5 | 13.5 |
| apple | macos | >= unspecified < 13.5 | 13.5 |
| apple | macos_ventura | — | — |
| debian | webkit2gtk | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.40.5-1~deb12u1 (bookworm) | webkit2gtk 2.40.5-1~deb12u1 (bookworm) |
| webkitgtk | webkitgtk | < 2.40.5 | 2.40.5 |
| wpewebkit | wpe_webkit | < 2.40.5 | 2.40.5 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
Red Hat
CVE-2023-40397 [CRITICAL] CWE-96 webkitgtk: arbitrary javascript code execution
vendor_redhat · 2023-09-06 · CVSS 9.8
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution.
Statement: This flaw is being rated as 'Moderate' as WebKitGTK package is shipped as a dependency for Gnome package. Additionally, Red Hat Enterprise Linux doesn't ship any WebKitGTK based web browser where this flaw would present a higher severity major threat.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to w
Apple
CVE-2023-40397 [CRITICAL] macOS Ventura 13.5
vendor_apple · 2023-07-24 · CVSS 9.8
Apple Security Update: About the security content of macOS Ventura 13.5
Product: macOS Ventura
Version: 13.5
CVE: CVE-2023-40397
Component: WebKit
Impact: A remote attacker may be able to cause arbitrary javascript code execution
Description: The issue was addressed with improved checks.
Apple
CVE-2023-40397 [CRITICAL] iOS 16.6 and iPadOS 16.6
vendor_apple · 2023-07-24 · CVSS 9.8
Apple Security Update: About the security content of iOS 16.6 and iPadOS 16.6
Product: iOS 16.6 and iPadOS
Version: 16.6
CVE: CVE-2023-40397
Component: WebKit
Impact: A remote attacker may be able to cause arbitrary javascript code execution
Description: The issue was addressed with improved checks.
Debian
CVE-2023-40397 [CRITICAL] webkit2gtk
vendor_debian · 2023 · CVSS 9.8
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
Scope: local
bookworm: resolved (fixed in 2.40.5-1~deb12u1)
bullseye: resolved (fixed in 2.40.5-1~deb11u1)
forky: resolved (fixed in 2.40.5-1)
sid: resolved (fixed in 2.40.5-1)
trixie: resolved (fixed in 2.40.5-1)
GHSA
CVE-2023-40397 [CRITICAL] GHSA-6x6m-3789-2cmw: The issue was addressed with improved checks
ghsa_unreviewed · 2023-09-06
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
OSV
CVE-2023-40397 [CRITICAL] The issue was addressed with improved checks
osv · 2023-09-06 · CVSS 9.8
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-09-06