Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-9850

Опубликовано: 10 июл. 2020
Источник: redhat
CVSS3: 7.3
EPSS Высокий

Описание

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

A logic issue was found in webkitgtk that affected WebKitGTK versions before 2.28.3 and WPE WebKit versions before 2.28.3. This flaw allows a remote attacker to cause arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Отчет

This flaw is being rated as 'Moderate' as WebKitGTK package is shipped as a dependency for Gnome package, additionally Red Hat Enterprise Linux doesn't shipped any WebKitGTK based web browser where this flaw would present a higher severity major threat.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkOut of support scope
Red Hat Enterprise Linux 7webkitgtk3Will not fix
Red Hat Enterprise Linux 7webkitgtk4Will not fix
Red Hat Enterprise Linux 8webkit2gtk3FixedRHSA-2020:445104.11.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-841
https://bugzilla.redhat.com/show_bug.cgi?id=1879568webkitgtk: Logic issue may lead to arbitrary code execution

EPSS

Процентиль: 99%
0.81158
Высокий

7.3 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-9850

CVSS3: 9.8
ubuntu
около 5 лет назад

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

nvd логотип

CVE-2020-9850

CVSS3: 9.8
nvd
около 5 лет назад

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

debian логотип

CVE-2020-9850

CVSS3: 9.8
debian
около 5 лет назад

A logic issue was addressed with improved restrictions. This issue is ...

github логотип

GHSA-4jv4-fxjp-hmm7

CVSS3: 9.8
github
около 3 лет назад

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.

fstec логотип

BDU:2021-03027

CVSS3: 9.8
fstec
около 5 лет назад

Уязвимость модуля отображения веб-страниц WebKit операционных систем Mac OS, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%
0.81158
Высокий

7.3 High

CVSS3