{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-42833","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2023-09-14T19:05:11.448Z","datePublished":"2024-01-10T22:03:47.742Z","dateUpdated":"2025-06-11T16:47:17.590Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"Processing web content may lead to arbitrary code execution"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"unspecified","status":"affected","lessThan":"17","versionType":"custom"}]},{"vendor":"Apple","product":"Safari","versions":[{"version":"unspecified","status":"affected","lessThan":"17","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"unspecified","status":"affected","lessThan":"14","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution."}],"references":[{"url":"https://support.apple.com/en-us/HT213938"},{"url":"https://support.apple.com/en-us/HT213941"},{"url":"https://support.apple.com/en-us/HT213940"},{"url":"http://www.openwall.com/lists/oss-security/2024/02/05/8"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2024-02-06T01:06:01.729Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:30:24.637Z"},"title":"CVE Program Container","references":[{"url":"https://support.apple.com/en-us/HT213938","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213941","tags":["x_transferred"]},{"url":"https://support.apple.com/en-us/HT213940","tags":["x_transferred"]},{"url":"http://www.openwall.com/lists/oss-security/2024/02/05/8","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-11-06T19:20:09.099533Z","id":"CVE-2023-42833","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-11T16:47:17.590Z"}}]}}