Search for vulnerabilities
| Vulnerability ID | VCID-y4mh-xhvx-yubd |
| Aliases |
CVE-2020-9850
|
| Summary | Multiple vulnerabilities have been found in WebKitGTK+, the worst of which could result in the arbitrary execution of code. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 9.0 |
| Risk | 10.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 7.3 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9850.json |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| epss | 0.82826 | https://api.first.org/data/v1/epss?cve=CVE-2020-9850 |
| cvssv3.1 | 7.3 | https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml |
| archlinux | Critical | https://security.archlinux.org/AVG-1203 |
| Data source | Metasploit |
|---|---|
| Description | This module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the <embed> element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion (CVE-2020-9850). The type confusion can be used as addrof and fakeobj primitives that then lead to arbitrary read/write of memory. These primitives allow us to write shellcode into a JIT region (RWX memory) containing the next stage of the exploit. The next stage uses CVE-2020-9856 to exploit a heap overflow in CVM Server, and extracts a macOS application containing our payload into /var/db/CVMS. The payload can then be opened with CVE-2020-9801, executing the payload as a user but without sandbox restrictions. |
| Note | Reliability: - repeatable-session SideEffects: - ioc-in-logs Stability: - crash-safe |
| Ransomware campaign use | Unknown |
| Source publication date | March 18, 2020 |
| Platform | OSX,Python,Unix |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/osx/browser/safari_in_operator_side_effect.rb |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.99236 |
| EPSS Score | 0.82826 |
| Published At | April 1, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:12:06.413779+00:00 | Gentoo Importer | Import | https://security.gentoo.org/glsa/202007-11 | 38.0.0 |