VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-z8xq-1jky-37eq

Essentials
Severities (36)
References (31)
Severity details (17)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-z8xq-1jky-37eq
Aliases	CVE-2021-30661
Summary	A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-20	Improper Input Validation
CWE-416	Use After Free

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30661.json
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2021-30661
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30661
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2021-30661
archlinux	High	https://security.archlinux.org/AVG-2208
archlinux	High	https://security.archlinux.org/AVG-2209
cvssv3.1	8.8	https://support.apple.com/en-us/HT212317
ssvc	Attend	https://support.apple.com/en-us/HT212317
cvssv3.1	8.8	https://support.apple.com/en-us/HT212318
ssvc	Attend	https://support.apple.com/en-us/HT212318
cvssv3.1	8.8	https://support.apple.com/en-us/HT212323
ssvc	Attend	https://support.apple.com/en-us/HT212323
cvssv3.1	8.8	https://support.apple.com/en-us/HT212324
ssvc	Attend	https://support.apple.com/en-us/HT212324
cvssv3.1	8.8	https://support.apple.com/en-us/HT212325
ssvc	Attend	https://support.apple.com/en-us/HT212325
cvssv3.1	8.8	https://support.apple.com/en-us/HT212341
ssvc	Attend	https://support.apple.com/en-us/HT212341

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30661.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-30661
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13543
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13584
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9947
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9948
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9951
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9983
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1817
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1820
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1825
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1826
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661
1986870		https://bugzilla.redhat.com/show_bug.cgi?id=1986870
AVG-2208		https://security.archlinux.org/AVG-2208
AVG-2209		https://security.archlinux.org/AVG-2209
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2021-30661		https://nvd.nist.gov/vuln/detail/CVE-2021-30661
HT212317		https://support.apple.com/en-us/HT212317
HT212318		https://support.apple.com/en-us/HT212318
HT212323		https://support.apple.com/en-us/HT212323
HT212324		https://support.apple.com/en-us/HT212324
HT212325		https://support.apple.com/en-us/HT212325
HT212341		https://support.apple.com/en-us/HT212341
RHSA-2021:1586		https://access.redhat.com/errata/RHSA-2021:1586
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364

Data source	KEV
Date added	Nov. 3, 2021
Description	Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply updates per vendor instructions.
Due date	Nov. 17, 2021
Note	https://nvd.nist.gov/vuln/detail/CVE-2021-30661
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30661.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30661

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30661

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212317

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212317

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212318

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212318

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212323

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212323

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212324

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212324

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212325

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212325

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212341

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:25:03Z/ Found at https://support.apple.com/en-us/HT212341

Exploit Prediction Scoring System (EPSS)

Percentile	0.44485
EPSS Score	0.00218
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:54:18.825030+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.18/community.json	37.0.0