webkit2gtk: Multiple vulnerabilities (CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870)ID: oval:org.secpod.oval:def:1801938 | Date: (C)2021-08-02 (M)2024-05-16 |
Class: PATCH | Family: unix |
*CVE-2020-27918 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management. *CVE-2020-29623 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. A user may be unable to fully delete browsing history. ���Clear History and Website Data��� did not clear the history in some circumstances. The issue was addressed with improved data deletion. *CVE-2021-1765 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. Maliciously crafted web content may violate iframe sandboxing policy. This issue was addressed with improved iframe sandbox enforcement. *CVE-2021-1789 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. A type confusion issue was addressed with improved state handling. *CVE-2021-1799 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers, A port redirection issue was addressed with additional port validation. *CVE-2021-1801 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. Maliciously crafted web content may violate iframe sandboxing policy. This issue was addressed with improved iframe sandbox enforcement. *CVE-2021-1870 Versions affected: WebKitGTK before 2.30.6 and WPE WebKit before 2.30.6. A remote attacker may be able to cause arbitrary code execution.
Platform: |
Alpine Linux 3.14 |