vulnerability
Red Hat: CVE-2021-30897: CVE-2021-30897 webkitgtk: Cross-origin data exfiltration via resource timing API (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Aug 24, 2021 | May 13, 2022 | Jul 9, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Aug 24, 2021
Added
May 13, 2022
Modified
Jul 9, 2025
Description
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-webkit2gtk3redhat-upgrade-webkit2gtk3-debuginforedhat-upgrade-webkit2gtk3-debugsourceredhat-upgrade-webkit2gtk3-develredhat-upgrade-webkit2gtk3-devel-debuginforedhat-upgrade-webkit2gtk3-jscredhat-upgrade-webkit2gtk3-jsc-debuginforedhat-upgrade-webkit2gtk3-jsc-develredhat-upgrade-webkit2gtk3-jsc-devel-debuginfo
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.