CVE-2018-4277
HIGHSafari < 11.1.1 - URL Spoofing via Improper Input Validation
Title source: llmDescription
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208854
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208935
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208937
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041232
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208936
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT208938
Scores
CVSS v3
7.5
EPSS
0.0187
EPSS Percentile
76.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (5)
apple/iphone_os
< 11.4.1
apple/mac_os_x
< 10.13.6
apple/safari
< 11.1.1
apple/tvos
< 11.4.1
apple/watchos
< 4.3.2
Published
Jan 11, 2019
Tracked Since
Feb 18, 2026