CVE-2022-42797

CVE Database · CVE-2022-42797

· HIGHModified

CVSS v3.1

7.8

EPSS

0.31%

Published

Feb 27, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-74

Affected Products (1)

apple · xcode (up to 14.1)vulnerable

References (2)

Release NotesVendor Advisory

Release NotesVendor Advisory