CVE-2021-30975 — Incorrect Authorization in Apple Macos

CWE-863 — Incorrect Authorization6 documents4 sources

Severity

8.6HIGHNVD

OSV9.8

EPSS

0.4%

top 36.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple MAC OS X Artifex Mujs

Timeline

PublishedAug 24

Latest updateJun 18

Description

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5apple/macosunspecified — 12.1+2

▶NVDapple/macos11.0 — 11.6.2+1

▶NVDapple/mac_os_x10.15 — 10.15.7+1

▶Ubuntuartifex/mujs< 1.1.3-3ubuntu0.1~esm1

🔴Vulnerability Details

OSV

mujs vulnerabilities↗2025-06-18

▶

CVEList

CVE-2021-30975: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary↗2021-08-24

▶

📋Vendor Advisories

Apple

CVE-2021-30975: macOS Monterey 12.1↗2021-12-13

▶

Apple

CVE-2021-30975: Security Update 2021-008 Catalina↗2021-12-13

▶

Apple

CVE-2021-30975: macOS Big Sur 11.6.2↗2021-12-13

▶