CVE-2021-30969

A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.15 (including)	10.15.7 (including)
Mac_os_x	Apple	10.15.7-security_update_2020-001 (including)	10.15.7-security_update_2020-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-001 (including)	10.15.7-security_update_2021-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-002 (including)	10.15.7-security_update_2021-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-003 (including)	10.15.7-security_update_2021-003 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-004 (including)	10.15.7-security_update_2021-004 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-005 (including)	10.15.7-security_update_2021-005 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-006 (including)	10.15.7-security_update_2021-006 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-007 (including)	10.15.7-security_update_2021-007 (including)
Macos	Apple	11.0 (including)	11.6.2 (excluding)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-30969
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References