CVE-2024-27821
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
14/05/2024
Last modified:
12/12/2024
Description
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.
Impact
Base Score 3.x
4.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 17.5 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 17.5 (excluding) | |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 14.0 (including) | 14.5 (excluding) |
| cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* | 10.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/fulldisclosure/2024/May/10
- http://seclists.org/fulldisclosure/2024/May/12
- http://seclists.org/fulldisclosure/2024/May/16
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/kb/HT214101
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106
- http://seclists.org/fulldisclosure/2024/May/10
- http://seclists.org/fulldisclosure/2024/May/12
- http://seclists.org/fulldisclosure/2024/May/16
- https://support.apple.com/en-us/HT214101
- https://support.apple.com/en-us/HT214104
- https://support.apple.com/en-us/HT214106
- https://support.apple.com/kb/HT214101
- https://support.apple.com/kb/HT214104
- https://support.apple.com/kb/HT214106