CVE-2023-40397
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') (CWE-96)
Published: Sep 6, 2023 / Updated: 14mo ago
010
CVSS 9.8EPSS 0.05%Critical
CVE info copied to clipboard
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
CVE Assignment
NVD published the first details for CVE-2023-40397
Sep 6, 2023 at 9:15 PM
First Article
Feedly found the first article mentioning CVE-2023-40397. See article
Sep 6, 2023 at 9:19 PM / infosec.exchange
EPSS
EPSS Score was set to: 0.05% (Percentile: 12.5%)
Sep 7, 2023 at 10:01 PM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (941362)
Nov 16, 2023 at 12:00 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (186130)
Nov 22, 2023 at 12:15 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (244582)
Oct 28, 2024 at 5:15 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (244581)
Oct 28, 2024 at 5:15 AM
Affected Systems
Wpewebkit/wpe_webkit
+null more
Patches
bugzilla.redhat.com
+null more
Attack Patterns
CAPEC-35: Leverage Executable Code in Non-Executable Files
+null more
Vendor Advisory
About the security content of macOS Ventura 13.5
Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to execute arbitrary code with kernel privileges
References
About the security content of macOS Ventura 13.5 - Apple Support
Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to execute arbitrary code with kernel privileges
About the security content of macOS Ventura 13.5
Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to execute arbitrary code with kernel privileges
About the security content of iOS 16.6 and iPadOS 16.6 - Apple Support
Impact: An app may be able to execute arbitrary code with kernel privileges Impact: An app may be able to execute arbitrary code with kernel privileges
News
Red Hat Security Advisory 2024-9680-03
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Security: Mehrere Probleme in webkit2gtk3 (Red Hat)
* webkitgtk: Processing web content may lead to arbitrary code execution * webkitgtk: Processing web content may lead to arbitrary code execution
Red Hat Enterprise Linux 8 update for webkit2gtk3
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system. The vulnerability exists due to a logic issue when handling HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.
RHSA-2024:9646: Important: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
RHSA-2024:9653: Important: webkit2gtk3 security update
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27833)
See 132 more articles and social media posts