CVE-2011-3229 — Path Traversal in Apple Safari

CWE-22 — Path Traversal CWE-94 — Code Injection2 documents2 sources

Severity

6.8MEDIUMNVD

EPSS

0.2%

top 58.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedOct 14

Latest updateMay 17

Description

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapple/safari5.1+70

🔴Vulnerability Details

GHSA

GHSA-gghq-9c8v-j5pc: Directory traversal vulnerability in Apple Safari before 5↗2022-05-17

▶