cbcvebase.
CVE-2020-9862
published 2020-10-16

CVE-2020-9862: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS…

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.

Affected

21 ranges
VendorProductVersion rangeFixed in
appleicloud< 7.207.20
appleicloud>= 11.0 < 11.311.3
appleicloud_for_windows>= unspecified < iCloud for Windows 11.3iCloud for Windows 11.3
appleicloud_for_windows>= unspecified < iCloud for Windows 7.20iCloud for Windows 7.20
appleios>= unspecified < iOS 13.6 and iPadOS 13.6iOS 13.6 and iPadOS 13.6
appleios_13.6_and_ipados
appleipados< 13.613.6
appleiphone_os< 13.613.6
appleitunes< 12.10.812.10.8
appleitunes_for_windows>= unspecified < iTunes 12.10.8 for WindowsiTunes 12.10.8 for Windows
applesafari< 13.1.213.1.2
applesafari
applesafari>= unspecified < Safari 13.1.2Safari 13.1.2
appletvos< 13.4.813.4.8
appletvos
appletvos>= unspecified < tvOS 13.4.8tvOS 13.4.8
applewatchos< 6.2.86.2.8
applewatchos
applewatchos>= unspecified < watchOS 6.2.8watchOS 6.2.8
debianwebkit2gtk< webkit2gtk 2.28.4-1 (bookworm)webkit2gtk 2.28.4-1 (bookworm)
debianwpewebkit< webkit2gtk 2.28.4-1 (bookworm)webkit2gtk 2.28.4-1 (bookworm)

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH