VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-dft5-2k7x-3uak

Essentials
Severities (69)
References (102)
Severity details (44)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dft5-2k7x-3uak
Aliases	CVE-2020-6506 GHSA-36j3-xxf7-4pqg
Summary	Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-863	Incorrect Authorization
CWE-358	Improperly Implemented Security Check for Standard
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json
cvssv3.1	6.5	https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
generic_textual	MODERATE	https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00533	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.00963	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01746	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01746	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01746	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
cvssv3.1	6.5	https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
generic_textual	MODERATE	https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
cvssv3.1	6.5	https://crbug.com/1083819
generic_textual	MODERATE	https://crbug.com/1083819
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://github.com/react-native-community/react-native-webview
generic_textual	MODERATE	https://github.com/react-native-community/react-native-webview
cvssv3.1	6.5	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1_qr	MODERATE	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
generic_textual	MODERATE	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/pull/1747
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/pull/1747
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1_qr	MODERATE	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2020-6506
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2020-6506
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2020-6506
archlinux	High	https://security.archlinux.org/AVG-1190
cvssv3.1	6.5	https://security.gentoo.org/glsa/202007-08
generic_textual	MODERATE	https://security.gentoo.org/glsa/202007-08
cvssv3.1	6.5	https://security.gentoo.org/glsa/202101-30
generic_textual	MODERATE	https://security.gentoo.org/glsa/202101-30
cvssv3.1	6.5	https://www.npmjs.com/advisories/1560
generic_textual	MODERATE	https://www.npmjs.com/advisories/1560

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json
		https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
		https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
		https://api.first.org/data/v1/epss?cve=CVE-2020-6506
		https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
		https://crbug.com/1083819
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6492
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6497
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6498
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
		https://github.com/react-native-community/react-native-webview
		https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
		https://github.com/react-native-webview/react-native-webview/pull/1747
		https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
		https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
		https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69%40%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5%40%3Ccommits.cordova.apache.org%3E
		https://nvd.nist.gov/vuln/detail/CVE-2020-6506
		https://security.gentoo.org/glsa/202007-08
		https://security.gentoo.org/glsa/202101-30
		https://www.npmjs.com/advisories/1560
1847269		https://bugzilla.redhat.com/show_bug.cgi?id=1847269
AVG-1190		https://security.archlinux.org/AVG-1190
GHSA-36j3-xxf7-4pqg		https://github.com/advisories/GHSA-36j3-xxf7-4pqg
RHSA-2020:2643		https://access.redhat.com/errata/RHSA-2020:2643

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://crbug.com/1083819

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-community/react-native-webview

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/pull/1747

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6506

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6506

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202007-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202101-30

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.npmjs.com/advisories/1560

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.66352
EPSS Score	0.00533
Published At	Aug. 16, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:29:22.439405+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.16/community.json	37.0.0