CVE-2010-1760

CWE-2554 documents4 sources
Severity
10.0CRITICAL
EPSS
1.2%
top 20.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Webkit
Timeline
PublishedAug 19
Latest updateMay 17

Description

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDapple/webkitr58408+4

🔴Vulnerability Details

2
GHSA
GHSA-44c2-fp89-q7rq: loader/DocumentThreadableLoader2022-05-17
CVEList
CVE-2010-1760: loader/DocumentThreadableLoader2010-08-19

💬Community

1
Bugzilla
update webkitgtk to 1.2.32010-07-16
CVE-2010-1760 (CRITICAL CVSS 10) | loader/DocumentThreadableLoader.cpp | cvebase.io