CVE-2024-44309

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-44309

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44309.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-44309

Downstream

DEBIAN-CVE-2024-44309

DLA-3982-1

DSA-5823-1

RHSA-2024:10472

RHSA-2024:10480

RHSA-2024:10481

RHSA-2024:10482

RHSA-2024:10483

RHSA-2024:10489

RHSA-2024:10492

RHSA-2024:10496

RHSA-2024:10501

RHSA-2025:10364

SUSE-SU-2024:4117-1

SUSE-SU-2024:4167-1

SUSE-SU-2024:4292-1

SUSE-SU-2024:4293-1

SUSE-SU-2025:0043-1

SUSE-SU-2025:0096-1

SUSE-SU-2025:0104-1

UBUNTU-CVE-2024-44309

USN-7142-1

Related

Published

2024-11-20T00:15:17Z

Modified

2025-08-09T19:01:28Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.

References

Affected packages