Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-9862

Date: October 16, 2020

A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.

Severity Score

Related Resources (13)

https://people.canonical.com/~ubuntu-security/cve/CVE-2020-9862
https://support.apple.com/HT211288
https://security.alpinelinux.org/vuln/CVE-2020-9862
https://security-tracker.debian.org/tracker/CVE-2020-9862
https://nvd.nist.gov/vuln/detail/CVE-2020-9862
https://support.apple.com/HT211295
https://access.redhat.com/security/cve/CVE-2020-9862
https://support.apple.com/HT211294
https://support.apple.com/HT211293
https://support.apple.com/HT211292
https://support.apple.com/HT211291
https://support.apple.com/HT211290
https://www.mend.io/vulnerability-database/CVE-2020-9862

Severity Score

Weakness Type (CWE)

Command Injection

CWE-77

Improper Encoding or Escaping of Output

CWE-116

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us