CVE-2018-11713
published 2018-06-04

Priority P431 | medium 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 1.59% (72.6th percentile)

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
debian | webkit2gtk | < webkit2gtk 2.20.0-2 (bookworm) | webkit2gtk 2.20.0-2 (bookworm)
gnome | libsoup | < 2.62.0 | 2.62.0
webkitgtk | webkitgtk | < 2.20.0 | 2.20.0

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
osv | | 6.5 | MEDIUM |
vendor_debian | | 6.5 | LOW |
vendor_redhat | | 6.5 | MEDIUM |