{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37450", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-07-05T20:47:01.012Z", "datePublished": "2023-07-26T23:21:56.324Z", "dateUpdated": "2025-02-13T17:01:26.065Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "9.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "references": [{"url": "https://support.apple.com/en-us/HT213826"}, {"url": "https://support.apple.com/en-us/HT213846"}, {"url": "https://support.apple.com/en-us/HT213841"}, {"url": "https://support.apple.com/en-us/HT213843"}, {"url": "https://support.apple.com/en-us/HT213848"}, {"url": "https://security.gentoo.org/glsa/202401-04"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-01-05T14:06:42.026Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.475Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213826", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213846", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213841", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213843", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213848", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-04", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-37450", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-05T14:56:27.420815Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-07-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-37450"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T13:59:31.655Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213826", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213846", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213841", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213843", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT213848", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-04", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:16:30.475Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-37450", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-05T14:56:27.420815Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-07-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-37450"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T13:55:49.068Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "9.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213826"}, {"url": "https://support.apple.com/en-us/HT213846"}, {"url": "https://support.apple.com/en-us/HT213841"}, {"url": "https://support.apple.com/en-us/HT213843"}, {"url": "https://support.apple.com/en-us/HT213848"}, {"url": "https://security.gentoo.org/glsa/202401-04"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-01-05T14:06:42.026Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37450", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:01:26.065Z", "dateReserved": "2023-07-05T20:47:01.012Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2023-07-26T23:21:56.324Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-08-03", "cisaExploitAdd": "2023-07-13", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.", "cisaVulnerabilityName": "Apple Multiple Products WebKit Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B0824AC-450A-4DC8-8BA6-E59530160953", "versionEndExcluding": "16.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "F362BEC4-90C7-4305-BFF9-645FE6C52DFE", "versionEndExcluding": "16.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB63BAC2-C756-428C-8BAC-BAD39FBE5EF4", "versionEndExcluding": "16.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D701507-146E-4E5B-8C32-60E797E46627", "versionEndExcluding": "13.5", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "339039D5-7AAC-4252-B4F6-BFCEBB48D92A", "versionEndExcluding": "16.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "90DFD981-D950-40B0-A699-4878B653A20D", "versionEndExcluding": "9.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C7F88F0-0092-4338-A52F-1A2ED27460B5", "versionEndExcluding": "2.42.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "id": "CVE-2023-37450", "lastModified": "2025-02-14T16:21:00.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-27T00:15:15.497", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-04"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213826"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213841"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213843"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213846"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213826"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213846"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213848"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4202", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.38.5-1.el8_8.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4201", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.38.5-1.el9_2.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-07-18T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: arbitrary code execution", "id": "2223000", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223000"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-94", "details": ["The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "This vulnerability can be mitigated by setting the environment variable JSC_useWebAssembly=0, which will disable support for WebAssembly. It's not necessary to set this environment variable if you're already using JavaScriptCoreUseJIT=0 to mitigate other CVEs because WebAssembly depends on JIT."}, "name": "CVE-2023-37450", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-07-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-37450\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37450\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Important"}