CVE-2024-23284

CWE-69315 documents8 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Apple IOS AND IpadosApple MacosApple Safari+8 more
Timeline
PublishedMar 8
Latest updateApr 15

Description

A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages18 packages

NVDapple/ipados17.017.4+1
CVEListV5apple/ios_and_ipados< 16.7.6+1
CVEListV5apple/tvos< 17.4
NVDapple/tvos< 17.4
CVEListV5apple/macos< 14.4

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

4
OSV
CVE-2024-23284: A logic issue was addressed with improved state management2024-03-08
GHSA
GHSA-ppgm-9w39-cx97: A logic issue was addressed with improved state management2024-03-08
CVEList
CVE-2024-23284: A logic issue was addressed with improved state management2024-03-08
OSV
CVE-2024-23284: A logic issue was addressed with improved state management2024-03-08

📋Vendor Advisories

10
Ubuntu
WebKitGTK vulnerabilities2024-04-15
Red Hat
webkit: processing maliciously crafted web content prevents Content Security Policy from being enforced2024-03-07
Apple
CVE-2024-23284: tvOS 17.42024-03-07
Apple
CVE-2024-23284: Safari 17.42024-03-07
Apple
CVE-2024-23284: watchOS 10.42024-03-07