{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-40785", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2024-07-10T17:11:04.689Z", "datePublished": "2024-07-29T22:16:56.242Z", "dateUpdated": "2024-08-02T04:39:54.895Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to a cross site scripting attack"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "1.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack."}], "references": [{"url": "https://support.apple.com/en-us/HT214121"}, {"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214116"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214123"}, {"url": "https://support.apple.com/en-us/HT214122"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:56.242Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T14:53:29.106987Z", "id": "CVE-2024-40785", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T14:53:37.239Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.895Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214121", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214116", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214123", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214122", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT214121", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214117", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214116", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214124", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214119", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214123", "tags": ["x_transferred"]}, {"url": "https://support.apple.com/en-us/HT214122", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "tags": ["x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:39:54.895Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-40785", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-30T14:53:29.106987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T14:53:33.694Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "10.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT214121"}, {"url": "https://support.apple.com/en-us/HT214117"}, {"url": "https://support.apple.com/en-us/HT214116"}, {"url": "https://support.apple.com/en-us/HT214124"}, {"url": "https://support.apple.com/en-us/HT214119"}, {"url": "https://support.apple.com/en-us/HT214123"}, {"url": "https://support.apple.com/en-us/HT214122"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"url": "http://seclists.org/fulldisclosure/2024/Jul/18"}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to a cross site scripting attack"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-07-29T22:16:56.242Z"}}}, "cveMetadata": {"cveId": "CVE-2024-40785", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:39:54.895Z", "dateReserved": "2024-07-10T17:11:04.689Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2024-07-29T22:16:56.242Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39", "versionEndExcluding": "16.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF", "versionEndExcluding": "17.6", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8", "versionEndExcluding": "16.7.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C", "versionEndExcluding": "17.6", "versionStartIncluding": "17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C", "versionEndExcluding": "17.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0", "versionEndExcluding": "10.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5", "versionEndExcluding": "17.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4", "versionEndExcluding": "1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9", "versionEndExcluding": "14.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack."}, {"lang": "es", "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un ataque de Cross Site Scripting."}], "id": "CVE-2024-40785", "lastModified": "2024-08-15T16:46:16.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-29T23:15:11.997", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/15"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/16"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/17"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/18"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/21"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/22"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Jul/23"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214116"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214117"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214119"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214121"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214122"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214123"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT214124"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to a cross site scripting attack", "id": "2302068", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302068"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack."], "name": "CVE-2024-40785", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-40785\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40785"], "statement": "This vulnerability impacts iOS only, thus there's no supported Red Hat product affected by this flaw.", "threat_severity": "Important"}