CVE-2017-7161
Published 2018-04-03
Priority P3 · 48 · high · 8.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.16% (80.0th percentile)
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | < 11.0.2 | 11.0.2 |
| apple | safari | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | webkit2gtk | < webkit2gtk 2.18.6-1 (bookworm) | webkit2gtk 2.18.6-1 (bookworm) |
CVSS provenance
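| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | LOW | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |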
Ubuntu
WebKitGTK+ vulnerabilities
vendor_ubuntu·2018-01-30·CVSS 8.8
CVE-2017-13884 [HIGH] WebKitGTK+ vulnerabilities
Title: WebKitGTK+ vulnerabilities
Summary: Several security issues were fixed in WebKitGTK+.
Multiple security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit these to cause a
denial of service, spoof the user interface, or execute arbitrary code.
(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,
CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
Apple
CVE-2017-7161: Safari 11.0.2
vendor_apple·2017-12-06·CVSS 8.8
CVE-2017-7161 [HIGH] CVE-2017-7161: Safari 11.0.2
Apple Security Update: About the security content of Safari 11.0.2
Product: Safari
Version: 11.0.2
CVE: CVE-2017-7161
Component: WebKit Web Inspector
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A command injection issue existed in Web Inspector. This issue was addressed through improved escaping of special characters.
Debian
CVE-2017-7161: webkit2gtk - An issue was discovered in certain Apple products. Safari before 11.0.2 is affec...
vendor_debian·2017·CVSS 8.8
CVE-2017-7161 [HIGH] CVE-2017-7161: webkit2gtk - An issue was discovered in certain Apple products. Safari before 11.0.2 is affec...
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
Scope: local
bookworm: resolved (fixed in 2.18.6-1)
bullseye: resolved (fixed in 2.18.6-1)
forky: resolved (fixed in 2.18.6-1)
sid: resolved (fixed in 2.18.6-1)
trixie: resolved (fixed in 2.18.6-1)
GHSA
GHSA-fqwp-42q8-85r2: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-13
CVE-2017-7161 [HIGH] CWE-77 GHSA-fqwp-42q8-85r2: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
OSV
CVE-2017-7161: An issue was discovered in certain Apple products
osv·2018-04-03·CVSS 8.8
CVE-2017-7161 [HIGH] CVE-2017-7161: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection.
OSV
webkit2gtk vulnerabilities
osv·2018-01-30·CVSS 8.8
CVE-2018-4088 [HIGH] webkit2gtk vulnerabilities
webkit2gtk vulnerabilities
Multiple security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit these to cause a
denial of service, spoof the user interface, or execute arbitrary code.
(CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160,
CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)
No detection rules found.
No public exploits indexed.
Published: 2018-04-03