DSA-5397-1 wpewebkit -- wpewebkitID: oval:org.secpod.oval:def:610530 | Date: (C)2023-05-12 (M)2024-05-22 |
Class: PATCH | Family: unix |
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-0108 Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. CVE-2022-32885 P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-27932 An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. CVE-2023-27954 An anonymous researcher discovered that a website may be able to track sensitive user information. CVE-2023-28205 Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Product: |
libwpewebkit-1.0-doc |
wpewebkit-driver |
libwpewebkit-1.0-3 |
libwpewebkit-1.0-dev |