CVE-2018-8512 — Improper Input Validation in Microsoft Edge

CWE-20 — Improper Input Validation9 documents5 sources

Severity

5.4MEDIUMNVD

NVD4.3

EPSS

3.9%

top 11.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Edge

Timeline

PublishedOct 10

Latest updateMay 14

Description

A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5microsoft/microsoft_edge6 versions+5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-vhfw-vgr5-4gr8: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specia↗2022-05-14

▶

GHSA

GHSA-7f9f-g56v-548g: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feat↗2022-05-13

▶

CVEList

CVE-2018-8512: A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specia↗2018-10-10

▶

CVEList

CVE-2018-8530: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feat↗2018-10-10

▶

📋Vendor Advisories

Microsoft

Microsoft Edge Security Feature Bypass Vulnerability↗2018-10-09

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage↗2018-10-09

▶

Talos

Microsoft Patch Tuesday — October 18: Vulnerability disclosures and Snort coverage↗2018-10-09

▶