VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mspb-tu5j-xubq

Essentials
Severities (30)
References (27)
Severity details (14)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-mspb-tu5j-xubq
Aliases	CVE-2021-1871
Summary	A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Status	Published
Exploitability	2.0
Weighted Severity	8.8
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

Improper Input Validation

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1871.json
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
epss	0.00997	https://api.first.org/data/v1/epss?cve=CVE-2021-1871
cvssv3.1	9.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
ssvc	Act	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-1871
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-1871
archlinux	High	https://security.archlinux.org/AVG-1744
archlinux	High	https://security.archlinux.org/AVG-1745
cvssv3.1	9.8	https://support.apple.com/en-us/HT212146
ssvc	Act	https://support.apple.com/en-us/HT212146
cvssv3.1	9.8	https://support.apple.com/en-us/HT212147
ssvc	Act	https://support.apple.com/en-us/HT212147
cvssv3.1	9.8	https://www.debian.org/security/2021/dsa-4923
ssvc	Act	https://www.debian.org/security/2021/dsa-4923

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1871.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-1871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1788
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1844
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30682
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1944867		https://bugzilla.redhat.com/show_bug.cgi?id=1944867
AVG-1744		https://security.archlinux.org/AVG-1744
AVG-1745		https://security.archlinux.org/AVG-1745
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:mac_os_x::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
cpe:2.3:o:apple:mac_os_x:10.15.7:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:-::::::
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020::::::
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
cpe:2.3:o:fedoraproject:fedora:33:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
CVE-2021-1871		https://nvd.nist.gov/vuln/detail/CVE-2021-1871
dsa-4923		https://www.debian.org/security/2021/dsa-4923
HT212146		https://support.apple.com/en-us/HT212146
HT212147		https://support.apple.com/en-us/HT212147
L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
RHSA-2021:4381		https://access.redhat.com/errata/RHSA-2021:4381
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364
USN-4939-1		https://usn.ubuntu.com/4939-1/

Data source	KEV
Date added	Nov. 3, 2021
Description	Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply updates per vendor instructions.
Due date	Nov. 17, 2021
Note	https://nvd.nist.gov/vuln/detail/CVE-2021-1871
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1871.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:33:21Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1871

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1871

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212146

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:33:21Z/ Found at https://support.apple.com/en-us/HT212146

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212147

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:33:21Z/ Found at https://support.apple.com/en-us/HT212147

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2021/dsa-4923

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:33:21Z/ Found at https://www.debian.org/security/2021/dsa-4923

Exploit Prediction Scoring System (EPSS)

Percentile	0.7603
EPSS Score	0.00997
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:30:34.926806+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.15/community.json	37.0.0