CVE-2020-9860Apple Safari vulnerability

3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.4%
top 39.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedOct 27
Latest updateMay 24

Description

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5apple/safariunspecified13.0
NVDapple/safari< 13.0.5

🔴Vulnerability Details

2
GHSA
GHSA-87j3-fc63-8fxv: A custom URL scheme handling issue was addressed with improved input validation2022-05-24
CVEList
CVE-2020-9860: A custom URL scheme handling issue was addressed with improved input validation2020-10-27
CVE-2020-9860 — Apple Safari vulnerability | cvebase