CVE-2020-9952

CVE-2020-9952

Name

CVE-2020-9952

Description

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://support.apple.com/HT211850
Release Notes	https://support.apple.com/HT211843
Release Notes	https://support.apple.com/HT211844
Release Notes	https://support.apple.com/HT211845
Release Notes	https://support.apple.com/HT211846
Release Notes	https://support.apple.com/HT211847
Mailing List	http://seclists.org/fulldisclosure/2020/Nov/19
Mailing List	http://seclists.org/fulldisclosure/2020/Nov/18
Mailing List	http://seclists.org/fulldisclosure/2020/Nov/22
Mailing List	http://seclists.org/fulldisclosure/2020/Nov/20
Mailing List	http://www.openwall.com/lists/oss-security/2020/11/23/3
GENTOO	https://security.gentoo.org/glsa/202012-10

Type

URI

Vendor Advisory

https://support.apple.com/HT211850

Release Notes

https://support.apple.com/HT211843

Release Notes

https://support.apple.com/HT211844

Release Notes

https://support.apple.com/HT211845

Release Notes

https://support.apple.com/HT211846

Release Notes

https://support.apple.com/HT211847

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/19

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/18

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/22

Mailing List

http://seclists.org/fulldisclosure/2020/Nov/20

Mailing List

http://www.openwall.com/lists/oss-security/2020/11/23/3

GENTOO

https://security.gentoo.org/glsa/202012-10

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:apple:icloud::::::windows::*`	icloud	>= None	< 7.21
`cpe:2.3:a:apple:icloud::::::windows::*`	icloud	>= 11.0	< 11.4
`cpe:2.3:a:apple:safari::::::::`	safari	>= None	< 14.0
`cpe:2.3:o:apple:ipad_os::::::::`	ipad_os	>= None	< 14.0
`cpe:2.3:o:apple:iphone_os::::::::`	iphone_os	>= None	< 14.0
`cpe:2.3:o:apple:tvos::::::::`	tvos	>= None	< 14.0
`cpe:2.3:o:apple:watchos::::::::`	watchos	>= None	< 7.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*

icloud

>= None

< 7.21

cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*

icloud

>= 11.0

< 11.4

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

safari

>= None

< 14.0

cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

ipad_os

>= None

< 14.0

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

iphone_os

>= None

< 14.0

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

tvos

>= None

< 14.0

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

watchos

>= None

< 7.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
webkit2gtk	edge-community	2.28.3-r0	None	fixed
webkit2gtk	3.20-community	2.28.3-r0	None	fixed
webkit2gtk	3.19-community	2.28.3-r0	None	fixed
webkit2gtk	3.18-community	2.28.3-r0	None	fixed
webkit2gtk	3.17-community	2.28.3-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

webkit2gtk

edge-community

2.28.3-r0

None

fixed

webkit2gtk

3.20-community