CVE-2024-23280
Published: March 20, 2024Last modified: November 6, 2024
Description
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Liberica JDK | 8 | jdk-full | Fixed (8u432+7) |
| jre-full | Fixed (8u432+7) | ||
| 11 | jdk-full | Fixed (11.0.25+11) | |
| jre-full | Fixed (11.0.25+11) | ||
| 17 | jdk-full | Fixed (17.0.13+12) | |
| jre-full | Fixed (17.0.13+12) | ||
| 21 | jdk-full | Fixed (21.0.5+11) | |
| jre-full | Fixed (21.0.5+11) | ||
| 23 | jdk-full | Fixed (23.0.1+13) | |
| jre-full | Fixed (23.0.1+13) | ||
| Liberica NIK | 23 (JDK 17) | full | Fixed (23.0.6+1) |
| 23 (JDK 21) | full | Fixed (23.1.5+1) | |
| 24 (JDK 23) | full | Fixed (24.1.1+1) |
References
- http://seclists.org/fulldisclosure/2024/Mar/20
- http://seclists.org/fulldisclosure/2024/Mar/21
- http://seclists.org/fulldisclosure/2024/Mar/24
- http://seclists.org/fulldisclosure/2024/Mar/25
- http://www.openwall.com/lists/oss-security/2024/03/26/1
- https://lists.fedoraproject.org/archives/list/[email protected]/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/
- https://support.apple.com/en-us/HT214081
- https://support.apple.com/en-us/HT214084
- https://support.apple.com/en-us/HT214086
- https://support.apple.com/en-us/HT214088
- https://support.apple.com/en-us/HT214089