CVE-2020-3864

CWE-346 | 9 documents | 9 sources
Severity
7.8 HIGH
EPSS
0.1%
top 82.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 27
Latest update: May 24

Description

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (16 packages)

CVEListV5 | apple/icloud_for_windows | unspecified | 10.9 | +1
CVEListV5 | apple/itunes_for_windows | unspecified | 12.10
NVD | apple/icloud | 10.0 | 10.9.2 | +1
CVEListV5 | apple/tvos | unspecified | 13.3
NVD | apple/tvos | < 13.3.1

🔴 Vulnerability Details (3)

GHSA
GHSA-wwr3-9qhx-q62f: A logic issue was addressed with improved validation (2022-05-24)
CVEList
CVE-2020-3864: A logic issue was addressed with improved validation (2020-10-27)
OSV
CVE-2020-3864: A logic issue was addressed with improved validation (2020-10-27)

📋 Vendor Advisories (4)

Juniper
CVE-2020-1627: A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific pac (2020-04-08)
Ubuntu
WebKitGTK+ vulnerabilities (2020-02-18)
Red Hat
webkitgtk: Non-unique security origin for DOM object contexts (2020-02-14)
Debian
CVE-2020-3864: webkit2gtk - A logic issue was addressed with improved validation. This issue is fixed in iCl... (2020)

💬 Community (1)

Bugzilla
CVE-2020-3864 webkitgtk: Non-unique security origin for DOM object contexts (2020-09-07)