webkit2gtk: Multiple vulnerabilities (CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925)ID: oval:org.secpod.oval:def:1802041 | Date: (C)2022-03-25 (M)2024-05-22 |
Class: PATCH | Family: unix |
CVE-2020-9862 Copying a URL from Web Inspector may lead to command injection. A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. CVE-2020-9893 A remote attacker may be able to cause unexpected application termination or arbitrary code execution. An use-after-free issue was addressed with improved memory management. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. CVE-2020-9894 A remote attacker may be able to cause unexpected application termination or arbitrary code execution. An out-of-bounds read was addressed with improved input validation. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. CVE-2020-9895 A remote attacker may be able to cause unexpected application termination or arbitrary code execution. An use-after-free issue was addressed with improved memory management. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. CVE-2020-9915 Processing maliciously crafted web content may prevent Content Security Policy from being enforced. An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4. CVE-2020-9925 Processing maliciously crafted web content may lead to universal cross site scripting. A logic issue was addressed with improved state management. Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
Platform: |
Alpine Linux 3.12 |
Alpine Linux 3.13 |
Alpine Linux 3.14 |
Alpine Linux 3.15 |