{"containers": {"cna": {"affected": [{"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "13.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "13", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."}], "problemTypes": [{"descriptions": [{"description": "Maliciously crafted web content may violate iframe sandboxing policy", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:47:19", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210606"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210605"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2019-8771", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "13.0"}]}}, {"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Maliciously crafted web content may violate iframe sandboxing policy"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210606", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210606"}, {"name": "https://support.apple.com/en-us/HT210605", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210605"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:31:37.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210606"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210605"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2019-8771", "datePublished": "2020-10-27T19:47:19", "dateReserved": "2019-02-18T00:00:00", "dateUpdated": "2024-08-04T21:31:37.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE", "versionEndExcluding": "13.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "8101CDBD-E0C1-4A93-99D9-074C67815E40", "versionEndExcluding": "13.0.", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."}, {"lang": "es", "value": "Este problema se corrigi\u00f3 con una aplicaci\u00f3n del sandbox de iframe mejorada. Este problema se corrigi\u00f3 en Safari versi\u00f3n 13.0.1, iOS versi\u00f3n 13. El contenido web dise\u00f1ado maliciosamente puede violar la pol\u00edtica de sandbox de iframe"}], "id": "CVE-2019-8771", "lastModified": "2024-11-21T04:50:26.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:19.220", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210605"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210606"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4035", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4451", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.28.4-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Violation of iframe sandboxing policy", "id": "1876619", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876619"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "verified"}, "details": ["This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."], "name": "CVE-2019-8771", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-8771\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8771\nhttps://webkitgtk.org/security/WSA-2019-0005.html"], "threat_severity": "Moderate"}