CVE-2020-9857 : An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in

An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra. A malicious website may be able to exfiltrate autofilled data in Safari.

Published 2020-10-27 21:15:16

Updated 2020-10-29 19:22:51

Source Apple Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-9857

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-9857

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2020-9857

https://support.apple.com/en-us/HT211170

About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support
Release Notes;Vendor Advisory

Products affected by CVE-2020-9857

Apple » Mac Os X
Versions before (<) 10.15.5
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-9857

Exploit prediction scoring system (EPSS) score for CVE-2020-9857

CVSS scores for CVE-2020-9857

References for CVE-2020-9857

Products affected by CVE-2020-9857