Free Trial

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004

[vc_row][vc_column][vc_column_text]

Hlohovec Overview :
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

CVE-2020-11793

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2020-11793
    • Versions affected: WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1.
    • Credit to Cim Stordal of Cognite.
    • Impact: Processing maliciously crafted web content may lead to arbitrary code execution or application crash (denial of service). Description: A memory corruption issue (use-after-free) was addressed with improved memory handling.

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.

 

 

WebKitGTK and WPE WebKit Security Advisory WSA-2020-0004

  • Date Reported: April 16, 2020
  • Advisory ID: WSA-2020-0004
  • CVE identifiers: CVE-2020-11793.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2020-11793
    • Versions affected: WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1.
    • Credit to Cim Stordal of Cognite.
    • Impact: Processing maliciously crafted web content may lead to arbitrary code execution or application crash (denial of service). Description: A memory corruption issue (use-after-free) was addressed with improved memory handling.

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.[/vc_column_text][/vc_column][/vc_row]

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-34515 : SPATIE IMAGE-OPTIMIZER UP TO 1.7.2 PHAR DESERIALIZATION FILE_EXISTS DESERIALIZATION

CVE-2024-34515 : SPATIE IMAGE-OPTIMIZER UP TO 1.7.2 PHAR DESERIALIZATION FILE_EXISTS DESERIALIZATION

Description image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). References https://github.com/spatie/image-optimizer/issues/210 https://github.com/spatie/image-optimizer/compare/1.7.2…1.7.3 https://github.com/spatie/image-optimizer/pull/211 For

Learn more
CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING

CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING

Description Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects

Learn more
CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

CVE-2024-22144 : ELI SCHEETZ ANTI-MALWARE SECURITY AND BRUTE-FORCE FIREWALL PLUGIN CODE INJECTION

Description Improper Control of Generation of Code (‘Code Injection’) vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows

Learn more