VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-zv9w-wnfw-5ue5

Essentials
Severities (53)
References (95)
Severity details (43)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zv9w-wnfw-5ue5
Aliases	CVE-2020-6506 GHSA-36j3-xxf7-4pqg
Summary	Android WebView Universal Cross-site Scripting A universal cross-site scripting (UXSS) vulnerability, CVE-2020-6506 (https://crbug.com/1083819), has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps which use a `react-native-webview` that allows navigation to arbitrary URLs, and when that app runs on systems with an Android WebView version prior to 83.0.4103.106. ## Pending mitigation Ensure users update their Android WebView system component via the Google Play Store to 83.0.4103.106 or higher to avoid this UXSS. 'react-native-webview' is working on a mitigation but it could take some time. ### References https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-863	Incorrect Authorization
CWE-358	Improperly Implemented Security Check for Standard
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json
cvssv3.1	6.5	https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
generic_textual	MODERATE	https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
epss	0.01414	https://api.first.org/data/v1/epss?cve=CVE-2020-6506
cvssv3.1	6.5	https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
generic_textual	MODERATE	https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
cvssv3.1	6.5	https://crbug.com/1083819
generic_textual	MODERATE	https://crbug.com/1083819
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://github.com/react-native-community/react-native-webview
generic_textual	MODERATE	https://github.com/react-native-community/react-native-webview
cvssv3.1	6.5	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1_qr	MODERATE	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
generic_textual	MODERATE	https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/pull/1747
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/pull/1747
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
cvssv3.1	6.5	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1_qr	MODERATE	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
generic_textual	MODERATE	https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
cvssv3.1	6.5	https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
cvssv3.1	6.5	https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2020-6506
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2020-6506
archlinux	High	https://security.archlinux.org/AVG-1190
cvssv3.1	6.5	https://security.gentoo.org/glsa/202007-08
generic_textual	MODERATE	https://security.gentoo.org/glsa/202007-08
cvssv3.1	6.5	https://security.gentoo.org/glsa/202101-30
generic_textual	MODERATE	https://security.gentoo.org/glsa/202101-30
cvssv3.1	6.5	https://www.npmjs.com/advisories/1560
generic_textual	MODERATE	https://www.npmjs.com/advisories/1560

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json
		https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506
		https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/
		https://api.first.org/data/v1/epss?cve=CVE-2020-6506
		https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
		https://crbug.com/1083819
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6423
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6430
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6431
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6432
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6433
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6434
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6435
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6436
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6437
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6438
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6439
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6440
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6441
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6442
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6443
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6444
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6445
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6446
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6447
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6448
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6454
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6455
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6456
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6457
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6458
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6459
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6460
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6461
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6462
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6463
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6464
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6465
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6466
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6467
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6468
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6469
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6470
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6471
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6472
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6473
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6474
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6475
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6476
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6478
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6479
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6480
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6481
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6482
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6483
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6484
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6485
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6486
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6487
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6488
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6489
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6490
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6491
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6492
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6493
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6494
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6495
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6496
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6497
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6498
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6505
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6506
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6507
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6509
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6831
		https://github.com/react-native-community/react-native-webview
		https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
		https://github.com/react-native-webview/react-native-webview/pull/1747
		https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0
		https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg
		https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E
		https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E
		https://nvd.nist.gov/vuln/detail/CVE-2020-6506
		https://security.gentoo.org/glsa/202007-08
		https://security.gentoo.org/glsa/202101-30
		https://www.npmjs.com/advisories/1560
1847269		https://bugzilla.redhat.com/show_bug.cgi?id=1847269
AVG-1190		https://security.archlinux.org/AVG-1190
GHSA-36j3-xxf7-4pqg		https://github.com/advisories/GHSA-36j3-xxf7-4pqg
RHSA-2020:2643		https://access.redhat.com/errata/RHSA-2020:2643

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6506.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://crbug.com/1083819

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-community/react-native-webview

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-community/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/pull/1747

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/releases/tag/v11.0.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/react-native-webview/react-native-webview/security/advisories/GHSA-36j3-xxf7-4pqg

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r1ab80f8591d5c2147898076e3945dad1c897513630aabec556883275@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r1eadf38b38ee20405811958c8a01f78d6b28e058c84c9fa6c1a8663d@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/r2769c33da7f7ece7e4e31837c1e1839d6657c7c13bb8d228670b8da0@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/ra58733fbb88d5c513b3f14a14850083d506b9129103e0ab433c3f680@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rc0ebe639927fa09e222aa56bf5ad6e700218f334ecc6ba9da4397728@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rc81e12fc9287f8743d59099b1af40f968f1cfec9eac98a63c2c62c69@%3Cissues.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread.html/rf082834ad237f78a63671aec0cef8874f9232b7614529cc3d3e304c5@%3Ccommits.cordova.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6506

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202007-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://security.gentoo.org/glsa/202101-30

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.npmjs.com/advisories/1560

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.80483
EPSS Score	0.01414
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:59:26.075902+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-36j3-xxf7-4pqg/GHSA-36j3-xxf7-4pqg.json	38.0.0