loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |

| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |