vulnerability
Oracle Linux: CVE-2021-30897: ELSA-2022-1777: webkit2gtk3 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Dec 20, 2021 | May 18, 2022 | Nov 29, 2024 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Dec 20, 2021
Added
May 18, 2022
Modified
Nov 29, 2024
Description
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.
A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration.
A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration.
Solution(s)
oracle-linux-upgrade-webkit2gtk3oracle-linux-upgrade-webkit2gtk3-develoracle-linux-upgrade-webkit2gtk3-jscoracle-linux-upgrade-webkit2gtk3-jsc-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.