CVE-2020-10014Path Traversal in Apple Macos

CWE-22Path Traversal3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.8%
top 26.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedDec 8
Latest updateMay 24

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 1.8 | Impact: 4.0

Affected Packages3 packages

CVEListV5apple/macosunspecified11.0
NVDapple/macos< 11.0.1
NVDapple/mac_os_x10.1410.14.6+3

🔴Vulnerability Details

2
GHSA
GHSA-h8r9-5w83-vj2q: A parsing issue in the handling of directory paths was addressed with improved path validation2022-05-24
CVEList
CVE-2020-10014: A parsing issue in the handling of directory paths was addressed with improved path validation2020-12-08
CVE-2020-10014 — Path Traversal in Apple Macos | cvebase