gsd-2023-40451
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.
Aliases
Aliases
CVE-2023-40451


To clipboard 

{
  "GSD": {
    "alias": "CVE-2023-40451",
    "id": "GSD-2023-40451"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-40451"
      ],
      "details": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.",
      "id": "GSD-2023-40451",
      "modified": "2023-12-13T01:20:43.648194Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2023-40451",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Safari",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "17"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An attacker with JavaScript execution may be able to execute arbitrary code"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT213941",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT213941"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2023/Oct/2",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2023/Oct/2"
          },
          {
            "name": "https://security.gentoo.org/glsa/202401-33",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202401-33"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "93FB6D0F-A668-47CF-A63D-755CA3BA259A",
                    "versionEndExcluding": "17.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code."
          },
          {
            "lang": "es",
            "value": "Este problema se solucion\u00f3 mejorando la aplicaci\u00f3n de la sandbox de iframe. Este problema se solucion\u00f3 en Safari 17. Un atacante con ejecuci\u00f3n de JavaScript puede ejecutar c\u00f3digo arbitrario."
          }
        ],
        "id": "CVE-2023-40451",
        "lastModified": "2024-01-31T15:15:09.977",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-09-27T15:19:17.090",
        "references": [
          {
            "source": "product-security@apple.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Oct/2"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3"
          },
          {
            "source": "product-security@apple.com",
            "url": "https://security.gentoo.org/glsa/202401-33"
          },
          {
            "source": "product-security@apple.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://support.apple.com/en-us/HT213941"
          }
        ],
        "sourceIdentifier": "product-security@apple.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.