{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-41993", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-06T17:40:06.142Z", "datePublished": "2023-09-21T18:23:52.197Z", "dateUpdated": "2025-11-04T19:21:43.904Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}], "references": [{"url": "https://support.apple.com/en-us/HT213940"}, {"url": "https://security.gentoo.org/glsa/202401-33"}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-04-26T09:06:59.072Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-41993", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-11T02:17:52.028515Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "iphone_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "0", "lessThan": "14.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "38"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "39"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "20.3.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "21.3.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*"], "vendor": "oracle", "product": "jdk", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "jre", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_acquisition_unit", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_storage_workload_security_agent", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_insight", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_workflow_automation", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "timeline": [{"time": "2023-09-25T00:00:00+00:00", "lang": "en", "value": "CVE-2023-41993 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:05:37.140Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213940", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-33", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/", "tags": ["x_transferred"]}, {"url": "https://webkitgtk.org/security/WSA-2023-0009.html"}, {"url": "https://support.apple.com/kb/HT213930"}, {"url": "https://support.apple.com/kb/HT213926"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:21:43.904Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213940", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-33", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/", "tags": ["x_transferred"]}, {"url": "https://webkitgtk.org/security/WSA-2023-0009.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-29T13:17:27.813Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-41993", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-11T02:17:52.028515Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "iphone_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "0", "lessThan": "14.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "38"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "39"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "20.3.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "21.3.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*"], "vendor": "oracle", "product": "jdk", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "jre", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_acquisition_unit", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_storage_workload_security_agent", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_insight", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_workflow_automation", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "CVE-2023-41993 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T18:44:12.454Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213940"}, {"url": "https://security.gentoo.org/glsa/202401-33"}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-04-26T09:06:59.072Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41993", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:05:37.140Z", "dateReserved": "2023-09-06T17:40:06.142Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2023-09-21T18:23:52.197Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-10-16", "cisaExploitAdd": "2023-09-25", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple Multiple Products WebKit Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE34465-0131-48BD-9BB6-47F83243BAE3", "versionEndExcluding": "17.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FD4B4-540C-4068-90D2-BEC12CDF54D9", "versionEndExcluding": "17.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605", "versionEndExcluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "matchCriteriaId": "00EDC8FF-13F2-4218-9EF4-B509364AE7B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "938A32D1-FBAB-42AE-87A7-AB19402B561A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:*", "matchCriteriaId": "B9155227-6787-4FAA-BB2C-C99D77DD2111", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:*", "matchCriteriaId": "FD4CDABD-BC1E-4A23-8022-D7A0E615C9F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "076EFDED-230F-4848-A138-4CFDF6B863B3", "versionEndExcluding": "2.42.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}, {"lang": "es", "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en Safari 17, iOS 16.7 y iPadOS 16.7, macOS Sonoma 14. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."}], "id": "CVE-2023-41993", "lastModified": "2025-11-05T19:17:52.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-21T19:15:11.660", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-33"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT213926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT213930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://webkitgtk.org/security/WSA-2023-0009.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10364", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "webkitgtk4-0:2.48.3-2.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2023:4202", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.38.5-1.el8_8.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4201", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.38.5-1.el9_2.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-07-18T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: processing malicious web content may lead to arbitrary code execution", "id": "2240522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240522"}, "csaw": true, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", "A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution."], "name": "CVE-2023-41993", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-41993\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41993\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue doesn't affect the versions of webkitgtk as shipped with Red Hat Enterprise Linux 8 and 9 as the flaw relies on JIT engine. JIT was disabled in the past when the fixes for CVE-2023-32435 and CVE-2023-32439 were released.", "threat_severity": "Moderate"}

{}