CVE-2019-8725 — Sensitive Information Exposure in Apple Safari

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedDec 18

Latest updateMay 24

Description

The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5apple/safariunspecified — Safari 13.0.1

▶NVDapple/safari< 13.0.1

🔴Vulnerability Details

GHSA

GHSA-px9h-5xxr-mm8w: The issue was addressed with improved handling of service worker lifetime↗2022-05-24

▶

CVEList

CVE-2019-8725: The issue was addressed with improved handling of service worker lifetime↗2019-12-18

▶

📋Vendor Advisories

Apple

CVE-2019-8725: Safari 13.0.1↗2019-09-24

▶