CVE-2024-23280: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS…

medium6.5CVSS 3.1

AVNACLPRNUIRSUCNIHAN

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
apple	ios_17.4_and_ipados	—	—
apple	ios_and_ipados	< 17.4	17.4
apple	ipad_os	< 17.4	17.4
apple	iphone_os	< 17.4	17.4
apple	macos	< 14.4	14.4
apple	macos	>= 14.0 < 14.4	14.4
apple	macos_sonoma	—	—
apple	safari	< 17.4	17.4
apple	safari	—	—
apple	tvos	< 17.4	17.4
apple	tvos	—	—
apple	watchos	< 10.4	10.4
apple	watchos	—	—
debian	webkit2gtk	< webkit2gtk 2.44.1-1~deb12u1 (bookworm)	webkit2gtk 2.44.1-1~deb12u1 (bookworm)
debian	wpewebkit	< webkit2gtk 2.44.1-1~deb12u1 (bookworm)	webkit2gtk 2.44.1-1~deb12u1 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
webkitgtk	webkitgtk	< 2.44.0	2.44.0
wpewebkit	wpe_webkit	< 2.44.0	2.44.0

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

osv6.5MEDIUM