{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-32923","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","dateUpdated":"2025-05-06T03:27:20.936Z","dateReserved":"2022-06-09T00:00:00.000Z","datePublished":"2022-11-01T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2023-05-30T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"A correctness issue in the JIT was addressed with improved checks. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may disclose internal states of the app."}],"affected":[{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","lessThan":"13","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"16.1","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"16.1","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"16.1","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"unspecified","lessThan":"15.7","status":"affected","versionType":"custom"}]},{"vendor":"Apple","product":"watchOS","versions":[{"version":"unspecified","lessThan":"9.1","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://support.apple.com/en-us/HT213488"},{"url":"https://support.apple.com/en-us/HT213489"},{"url":"https://support.apple.com/en-us/HT213492"},{"url":"https://support.apple.com/en-us/HT213495"},{"url":"https://support.apple.com/en-us/HT213491"},{"url":"https://support.apple.com/en-us/HT213490"},{"name":"[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010","tags":["mailing-list"],"url":"http://www.openwall.com/lists/oss-security/2022/11/04/4"},{"name":"GLSA-202305-32","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202305-32"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Processing maliciously crafted web content may disclose internal states of the app"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T07:54:03.325Z"},"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213488","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213489","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213492","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213495","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213491","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213490","tags":["x_transferred"]},{"name":"[oss-security] 20221104 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0010","tags":["mailing-list","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2022/11/04/4"},{"name":"GLSA-202305-32","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202305-32"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-06T03:26:29.882980Z","id":"CVE-2022-32923","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-06T03:27:20.936Z"}}]}}