Description A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local user may be able to modify protected parts of the file system.
CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Exploitability: 1.8 | Impact: 3.6 Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Affected Packages10 packages Show 5 more packages
🔴 Vulnerability Details2 GHSA GHSA-9hc5-m4g5-3m3c: A parsing issue in the handling of directory paths was addressed with improved path validation ↗ 2022-05-24 ▶ CVEList CVE-2021-1740: A parsing issue in the handling of directory paths was addressed with improved path validation ↗ 2021-09-08 ▶
📋 Vendor Advisories3 Apple CVE-2021-1740: Security Update 2021-002 Catalina ↗ 2021-04-26 ▶ Apple CVE-2021-1740: macOS Big Sur 11.3 ↗ 2021-04-26 ▶ Apple CVE-2021-1740: iOS 14.5 and iPadOS 14.5 ↗ 2021-04-26 ▶
🕵️ Threat Intelligence7 Trendmicro Analyzing an Old Bug and Discovering CVE-2021-30995 ↗ 2022-01-14 ▶ Trendmicro Analyzing an Old Bug and Discovering CVE-2021-30995 ↗ 2022-01-14 ▶ Trendmicro Analyzing an Old Bug and Discovering CVE-2021-30995 ↗ 2022-01-14 ▶ Trendmicro Analyzing an Old Bug and Discovering CVE-2021-30995 ↗ 2022-01-14 ▶ Trendmicro Analyzing an Old Bug and Discovering CVE-2021-30995 ↗ 2022-01-14 ▶ Show 2 more