CVE-2020-3884Improper Input Validation in Apple Macos

CWE-20Improper Input ValidationCWE-74Injection3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 33.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MacosApple MAC OS X
Timeline
PublishedApr 1
Latest updateMay 24

Description

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5apple/macosunspecifiedmacOS Catalina 10.15.4
NVDapple/mac_os_x< 10.15.4

🔴Vulnerability Details

1
GHSA
GHSA-3mq5-m58g-fgj3: An injection issue was addressed with improved validation2022-05-24

💬Community

1
Bugzilla
CVE-2019-3884 atomic-openshift: cross-namespace owner references can trigger deletions of valid children2019-03-29