anonhaven
Ad

CVE-2024-23280

MEDIUM CVSS 3.1: 6.5 EPSS 0.52%
Updated Apr 02, 2026
Fedoraproject
Parameter Value
CVSS 6.5 (MEDIUM)
Affected Versions 14.0 — 2.44.0
Fixed In 17.4
Type CWE-74 (Injection)
Vendor Fedoraproject
Public PoC No

An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-74 Injection

Vulnerable Products 11

Configuration From (including) Up to (excluding)
Apple Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
 17.4
Apple Ipad_Os
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
 17.4
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
 17.4
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 14.0 14.4
Apple Tvos
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
 17.4
Apple Watchos
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
 10.4
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
Fedoraproject Fedora
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Webkitgtk Webkitgtk
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
 2.44.0
Wpewebkit Wpe_Webkit
cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*
 2.44.0

References 23

https://support.apple.com/en-us/120881
product-security@apple.com
https://support.apple.com/en-us/120882
product-security@apple.com
https://support.apple.com/en-us/120893
product-security@apple.com
https://support.apple.com/en-us/120894
product-security@apple.com
https://support.apple.com/en-us/120895
product-security@apple.com
http://seclists.org/fulldisclosure/2024/Mar/20
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2024/Mar/21
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2024/Mar/24
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2024/Mar/25
af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2024/03/26/1
af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
af854a3a-2127-422b-91ae-364da2661108
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj…
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214081
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214084
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214086
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214088
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/en-us/HT214089
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/kb/HT214081
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/kb/HT214084
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/kb/HT214086
af854a3a-2127-422b-91ae-364da2661108
https://support.apple.com/kb/HT214089
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35094

Fedoraproject

5.5

CVE-2026-35093

Fedoraproject

8.8

CVE-2024-4761

Fedoraproject

8.8

CVE-2024-27834

Fedoraproject

5.5

CVE-2024-23284

Fedoraproject

6.5