VAR-202108-2061
Vulnerability from variot - Updated: 2024-08-14 13:01
A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. Apple's iTunes U contains an input validation vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. (The Pillow sentence appears to be an aggregation artifact from an unrelated record; the affected product listed for this entry is Apple iTunes U.) There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Information about the security content is also available at https://support.apple.com/HT212809. CVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School
Installation note:
iTunes U 3.8.3 for iOS may be obtained from the App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhjucBAAo/VGsbEPr5OuaH7BLssGjchFhRQeyuT5d2H50dyE7Y0Os3ryZFdkPfo9 Sg2gX2A5jToz5EIXEddSWO+Ecaa80Iek/Gq4/HT5YzAenOlTYHaCn5cXbsa1jgfs 0VEyGLur1j/GRb6fSENh+cXphllCuizzkIxBwMSfG36HuMmFNiAakS/hbUwBe6Fz QaejFaKip84ZKl5xpZEQdGVMKeLwrY4zdW1Qz3KV5HPw9s20xZgmHshIf3Vn7TrN OPZcJHYmC957IgONt+pdLq2jvIX/D7cWgx+FTgoIfyl3NpSfc0cVOUixBvnAQ+ci SM17NRMyQuht2BNjBVePWAjHTORHuYO0o8fXFWI4GkaqzXeDJfa8G6APWOujPRQr 1u6vfc8q4ztfTEaEetZU6K0tbsF72l28QGE6yctZD91i7qOLjK53u5hEX7N/s6AR Q2MEpWte6+3NuAWngBp65d59oCLNsm5WRuVbynxS0m743bX9yAhPSPe5gRxsTMS1 7ebusKl1CDsJ65uUc8QtmYZg2lPL+em/cvhny8h6/xYYg+YFWlJ7X2/bKnp1EPZK 6PVCd9qG8hucQq1kRpsbfCrzApAsVHZJHJibNgmYD98Au7nTCLZxMq7h9IVF5uzN AnG5yF6UWps2UlZhB3k2P5lqTHurOU1r3gcBL7+QUcD6H48x8lc= =M9XX -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes u",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "3.8.3"
},
{
"model": "itunes u",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "3.8.3"
},
{
"model": "itunes u",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164252"
}
],
"trust": 0.1
},
"cve": "CVE-2021-30862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30862",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-390595",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30862",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-30862",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30862",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30862",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-1954",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390595",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30862",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. apple\u0027s iTunes U There is an input validation vulnerability in.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Information about\nthe security content is also available at\nhttps://support.apple.com/HT212809. \nCVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School\n\nInstallation note:\n\niTunes U 3.8.3 for iOS may be obtained from the App Store. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhjucBAAo/VGsbEPr5OuaH7BLssGjchFhRQeyuT5d2H50dyE7Y0Os3ryZFdkPfo9\nSg2gX2A5jToz5EIXEddSWO+Ecaa80Iek/Gq4/HT5YzAenOlTYHaCn5cXbsa1jgfs\n0VEyGLur1j/GRb6fSENh+cXphllCuizzkIxBwMSfG36HuMmFNiAakS/hbUwBe6Fz\nQaejFaKip84ZKl5xpZEQdGVMKeLwrY4zdW1Qz3KV5HPw9s20xZgmHshIf3Vn7TrN\nOPZcJHYmC957IgONt+pdLq2jvIX/D7cWgx+FTgoIfyl3NpSfc0cVOUixBvnAQ+ci\nSM17NRMyQuht2BNjBVePWAjHTORHuYO0o8fXFWI4GkaqzXeDJfa8G6APWOujPRQr\n1u6vfc8q4ztfTEaEetZU6K0tbsF72l28QGE6yctZD91i7qOLjK53u5hEX7N/s6AR\nQ2MEpWte6+3NuAWngBp65d59oCLNsm5WRuVbynxS0m743bX9yAhPSPe5gRxsTMS1\n7ebusKl1CDsJ65uUc8QtmYZg2lPL+em/cvhny8h6/xYYg+YFWlJ7X2/bKnp1EPZK\n6PVCd9qG8hucQq1kRpsbfCrzApAsVHZJHJibNgmYD98Au7nTCLZxMq7h9IVF5uzN\nAnG5yF6UWps2UlZhB3k2P5lqTHurOU1r3gcBL7+QUcD6H48x8lc=\n=M9XX\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30862"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"db": "PACKETSTORM",
"id": "164252"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30862",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "164252",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3156",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091606",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-390595",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30862",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "PACKETSTORM",
"id": "164252"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"id": "VAR-202108-2061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390595"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:01:19.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212809 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212809"
},
{
"title": "Apple iTunes Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168173"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212809"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30862"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3156"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091606"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164252/apple-security-advisory-2021-09-20-9.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2021/sep/41"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212809."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "PACKETSTORM",
"id": "164252"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390595"
},
{
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"db": "PACKETSTORM",
"id": "164252"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390595"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"date": "2021-09-22T16:37:25",
"db": "PACKETSTORM",
"id": "164252"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"date": "2021-08-24T19:15:14.520000",
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-390595"
},
{
"date": "2021-11-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30862"
},
{
"date": "2024-07-18T06:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021194"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-1954"
},
{
"date": "2023-11-07T03:33:34.903000",
"db": "NVD",
"id": "CVE-2021-30862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-1954"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0iTunes\u00a0U\u00a0 Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}