CVE-2009-1713Sensitive Information Exposure in Apple Safari

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.9%
top 24.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedJun 10
Latest updateMay 2

Description

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDapple/safari4.0_beta+25

Patches

Patch: lists.apple.comPatch: support.apple.comPatch: lists.apple.com

🔴Vulnerability Details

1
GHSA
GHSA-2x3g-6456-c8h3: The XSLT functionality in WebKit in Apple Safari before 42022-05-02

📋Vendor Advisories

1
Ubuntu
Qt vulnerabilities2009-11-10