CVE-2020-27918 - Vulnerability Details

Vendors	Products
Apple	Icloud Ipados Iphone Os Itunes Macos Safari Tvos Watchos
Debian	Debian Linux
Fedoraproject	Fedora
Redhat	Enterprise Linux
Webkitgtk	Webkitgtk\+

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.32.3-2.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2021:4381	2021-11-09T00:00:00Z

Link	Providers
http://seclists.org/fulldisclosure/2020/Dec/32
http://www.openwall.com/lists/oss-security/2021/03/22/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://nvd.nist.gov/vuln/detail/CVE-2020-27918
https://security.gentoo.org/glsa/202104-03
https://support.apple.com/en-us/HT211928
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211930
https://support.apple.com/en-us/HT211931
https://support.apple.com/en-us/HT211933
https://support.apple.com/en-us/HT211934
https://support.apple.com/en-us/HT211935
https://webkitgtk.org/security/WSA-2021-0002.html
https://www.cve.org/CVERecord?id=CVE-2020-27918
https://www.debian.org/security/2021/dsa-4877

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "7.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "14.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "14.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.11", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-01T01:06:23", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211931"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211935"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211934"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211928"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211929"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211930"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT211933"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"name": "[oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"}, {"name": "FEDORA-2021-8070916f7a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/"}, {"name": "DSA-4877", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4877"}, {"name": "FEDORA-2021-864dc37032", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"name": "FEDORA-2021-619711d709", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"}, {"name": "GLSA-202104-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202104-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-27918", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "7.1"}]}}, {"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.2"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.2"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.0"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.11"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.0"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.5"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.5"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT211931", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211931"}, {"name": "https://support.apple.com/en-us/HT211935", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211935"}, {"name": "https://support.apple.com/en-us/HT211934", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211934"}, {"name": "https://support.apple.com/en-us/HT211928", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211928"}, {"name": "https://support.apple.com/en-us/HT211929", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211929"}, {"name": "https://support.apple.com/en-us/HT211930", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211930"}, {"name": "https://support.apple.com/en-us/HT211933", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT211933"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"name": "[oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"}, {"name": "FEDORA-2021-8070916f7a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/"}, {"name": "DSA-4877", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4877"}, {"name": "FEDORA-2021-864dc37032", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"name": "FEDORA-2021-619711d709", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"}, {"name": "GLSA-202104-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202104-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:25:43.860Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211931"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211935"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211934"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211929"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211930"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT211933"}, {"name": "20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"name": "[oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"}, {"name": "FEDORA-2021-8070916f7a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/"}, {"name": "DSA-4877", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4877"}, {"name": "FEDORA-2021-864dc37032", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"name": "FEDORA-2021-619711d709", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"}, {"name": "GLSA-202104-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202104-03"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-27918", "datePublished": "2020-12-08T21:11:49", "dateReserved": "2020-10-27T00:00:00", "dateUpdated": "2024-08-04T16:25:43.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : watchOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 7.1 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

1 : { »

product : iOS and iPadOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 14.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

2 : { »

product : tvOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 14.2 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

3 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 11.0 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

4 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 12.11 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

5 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 14.0 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

6 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 11.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

7 : { »

product : macOS (string)

vendor : Apple (string)

versions : [ »

0 : { »

lessThan : 11.5 (string)

status : affected (string)

version : unspecified (string)

versionType : custom (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Processing maliciously crafted web content may lead to arbitrary code execution (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-05-01T01:06:23 (string)

orgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

shortName : apple (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211931 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211935 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211934 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211928 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211929 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211930 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.apple.com/en-us/HT211933 (string)

}

7 : { »

name : 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2020/Dec/32 (string)

}

8 : { »

name : [oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2021/03/22/1 (string)

}

9 : { »

name : FEDORA-2021-8070916f7a (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/ (string)

}

10 : { »

name : DSA-4877 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2021/dsa-4877 (string)

}

11 : { »

name : FEDORA-2021-864dc37032 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ (string)

}

12 : { »

name : FEDORA-2021-619711d709 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/ (string)

}

13 : { »

name : GLSA-202104-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/202104-03 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : product-security@apple.com (string)

ID : CVE-2020-27918 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : watchOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 7.1 (string)

}

]

}

1 : { »

product_name : iOS and iPadOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 14.2 (string)

}

]

}

2 : { »

product_name : tvOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 14.2 (string)

}

]

}

3 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 11.0 (string)

}

]

}

4 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 12.11 (string)

}

]

}

5 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 14.0 (string)

}

]

}

6 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 11.5 (string)

}

]

}

7 : { »

product_name : macOS (string)

version : { »

version_data : [ »

0 : { »

version_affected : < (string)

version_value : 11.5 (string)

}

]

}

]

}

vendor_name : Apple (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Processing maliciously crafted web content may lead to arbitrary code execution (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.apple.com/en-us/HT211931 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211931 (string)

}

1 : { »

name : https://support.apple.com/en-us/HT211935 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211935 (string)

}

2 : { »

name : https://support.apple.com/en-us/HT211934 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211934 (string)

}

3 : { »

name : https://support.apple.com/en-us/HT211928 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211928 (string)

}

4 : { »

name : https://support.apple.com/en-us/HT211929 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211929 (string)

}

5 : { »

name : https://support.apple.com/en-us/HT211930 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211930 (string)

}

6 : { »

name : https://support.apple.com/en-us/HT211933 (string)

refsource : MISC (string)

url : https://support.apple.com/en-us/HT211933 (string)

}

7 : { »

name : 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (string)

refsource : FULLDISC (string)

url : http://seclists.org/fulldisclosure/2020/Dec/32 (string)

}

8 : { »

name : [oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2021/03/22/1 (string)

}

9 : { »

name : FEDORA-2021-8070916f7a (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/ (string)

}

10 : { »

name : DSA-4877 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2021/dsa-4877 (string)

}

11 : { »

name : FEDORA-2021-864dc37032 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ (string)

}

12 : { »

name : FEDORA-2021-619711d709 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/ (string)

}

13 : { »

name : GLSA-202104-03 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/202104-03 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T16:25:43.860Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211931 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211935 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211934 (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211928 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211929 (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211930 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.apple.com/en-us/HT211933 (string)

}

7 : { »

name : 20201215 APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2020/Dec/32 (string)

}

8 : { »

name : [oss-security] 20210322 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0002 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2021/03/22/1 (string)

}

9 : { »

name : FEDORA-2021-8070916f7a (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/ (string)

}

10 : { »

name : DSA-4877 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2021/dsa-4877 (string)

}

11 : { »

name : FEDORA-2021-864dc37032 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ (string)

}

12 : { »

name : FEDORA-2021-619711d709 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/ (string)

}

13 : { »

name : GLSA-202104-03 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/202104-03 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 286789f9-fbc2-4510-9f9a-43facdede74c (string)

assignerShortName : apple (string)

cveId : CVE-2020-27918 (string)

datePublished : 2020-12-08T21:11:49 (string)

dateReserved : 2020-10-27T00:00:00 (string)

dateUpdated : 2024-08-04T16:25:43.860Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709", "versionEndExcluding": "11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BB5256B0-7FBC-4A35-8E15-0C333EE0B366", "versionEndExcluding": "12.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "581C969D-14D7-4BE0-9CE5-1741FD34B5D6", "versionEndExcluding": "14.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8768B67A-43ED-4726-A99F-A0A57A9A2CEC", "versionEndExcluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "468039C1-6A38-44D0-A0A1-294966117744", "versionEndExcluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2EE75CC-3796-416A-9E58-64788BB89240", "versionEndExcluding": "11.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "25DF8721-B1E2-45AF-87FD-14AB02B5506A", "versionEndExcluding": "14.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "845B0F8C-2958-4BD2-9141-DCF894AFB953", "versionEndExcluding": "7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "762B4174-D986-4C4C-9439-9DEEEE91256D", "versionEndExcluding": "2.30.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 un problema de uso de la memoria previamente liberada, con una administraci\u00f3n de la memoria mejorada.&#xa0;Este problema se corrigi\u00f3 en macOS Big Sur versi\u00f3n 11.0.1, watchOS versi\u00f3n 7.1, iOS versi\u00f3n 14.2 y iPadOS versi\u00f3n 14.2, iCloud para Windows versi\u00f3n 11.5, Safari versi\u00f3n 14.0.1, tvOS versi\u00f3n 14.2, iTunes versi\u00f3n 12.11 para Windows.&#xa0;El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2020-27918", "lastModified": "2024-11-21T05:22:03.033", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-08T22:15:18.727", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"}, {"source": "product-security@apple.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-03"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211928"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211929"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211930"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211931"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211933"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211934"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211935"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Dec/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202104-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211930"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211931"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT211935"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4877"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : 5AD2710B-E1DB-4D6C-9A0E-1EC033AEC709 (string)

versionEndExcluding : 11.5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:* (string)

matchCriteriaId : BB5256B0-7FBC-4A35-8E15-0C333EE0B366 (string)

versionEndExcluding : 12.11 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 581C969D-14D7-4BE0-9CE5-1741FD34B5D6 (string)

versionEndExcluding : 14.0.1 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8768B67A-43ED-4726-A99F-A0A57A9A2CEC (string)

versionEndExcluding : 14.2 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 468039C1-6A38-44D0-A0A1-294966117744 (string)

versionEndExcluding : 14.2 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F2EE75CC-3796-416A-9E58-64788BB89240 (string)

versionEndExcluding : 11.0.1 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 25DF8721-B1E2-45AF-87FD-14AB02B5506A (string)

versionEndExcluding : 14.2 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 845B0F8C-2958-4BD2-9141-DCF894AFB953 (string)

versionEndExcluding : 7.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* (string)

matchCriteriaId : 36D96259-24BD-44E2-96D9-78CE1D41F956 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* (string)

matchCriteriaId : E460AA51-FCDA-46B9-AE97-E6676AA5E194 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* (string)

matchCriteriaId : A930E247-0B43-43CB-98FF-6CE7B8189835 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07B237A9-69A3-4A9C-9DA0-4E06BD37AE73 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 762B4174-D986-4C4C-9439-9DEEEE91256D (string)

versionEndExcluding : 2.30.6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (string)

}

1 : { »

lang : es (string)

value : Se abordó un problema de uso de la memoria previamente liberada, con una administración de la memoria mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.1, iOS versión 14.2 y iPadOS versión 14.2, iCloud para Windows versión 11.5, Safari versión 14.0.1, tvOS versión 14.2, iTunes versión 12.11 para Windows. El procesamiento de contenido web diseñado maliciosamente puede conllevar a una ejecución de código arbitraria (string)

}

]

id : CVE-2020-27918 (string)

lastModified : 2024-11-21T05:22:03.033 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-12-08T22:15:18.727 (string)

references : [ »

0 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://seclists.org/fulldisclosure/2020/Dec/32 (string)

}

1 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2021/03/22/1 (string)

}

2 : { »

source : product-security@apple.com (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/ (string)

}

3 : { »

source : product-security@apple.com (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/ (string)

}

4 : { »

source : product-security@apple.com (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ (string)

}

5 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/202104-03 (string)

}

6 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211928 (string)

}

7 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211929 (string)

}

8 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211930 (string)

}

9 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211931 (string)

}

10 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211933 (string)

}

11 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211934 (string)

}

12 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211935 (string)

}

13 : { »

source : product-security@apple.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2021/dsa-4877 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://seclists.org/fulldisclosure/2020/Dec/32 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Third Party Advisory (string)

]

url : http://www.openwall.com/lists/oss-security/2021/03/22/1 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQ3U3VBSOJB46WCO66TEWE5OAXLTU3YW/ (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/ (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/ (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://security.gentoo.org/glsa/202104-03 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211928 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211929 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211930 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211931 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211933 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211934 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.apple.com/en-us/HT211935 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://www.debian.org/security/2021/dsa-4877 (string)

}

]

sourceIdentifier : product-security@apple.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2021:4381", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.32.3-2.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Use-after-free leading to arbitrary code execution", "id": "1944323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944323"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.", "A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2020-27918", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-03-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-27918\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27918\nhttps://webkitgtk.org/security/WSA-2021-0002.html"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2021:4381 (string)

cpe : cpe:/a:redhat:enterprise_linux:8 (string)

package : webkit2gtk3-0:2.32.3-2.el8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2021-11-09T00:00:00Z (string)

}

]

bugzilla : { »

description : webkitgtk: Use-after-free leading to arbitrary code execution (string)

id : 1944323 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1944323 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 7.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-416 (string)

details : [ »

0 : A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. (string)

1 : A use-after-free issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (string)

]

name : CVE-2020-27918 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk3 (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Out of support scope (string)

package_name : webkitgtk4 (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:9 (string)

fix_state : Not affected (string)

package_name : webkit2gtk3 (string)

product_name : Red Hat Enterprise Linux 9 (string)

}

]

public_date : 2021-03-22T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2020-27918 https://nvd.nist.gov/vuln/detail/CVE-2020-27918 https://webkitgtk.org/security/WSA-2021-0002.html (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object