CVE-2024-54540

Опубликовано: 15 янв. 2025

Источник: nvd

CVSS3: 4.3

CVSS3: 5.5

EPSS Низкий

Описание

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

Ссылки

https://support.apple.com/en-us/122043
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:apple:music:*:*:*:*:*:*:*:*

Версия до 1.5.0.152 (исключая)

Одно из

cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:arm64:*

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-79

Связанные уязвимости

GHSA-jw5g-j894-hv7p

CVSS3: 5.5

github

около 1 года назад

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-79