cbcvebase.
CVE-2019-11070
published 2019-04-10

CVE-2019-11070: WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or…

PriorityP428medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EPSS
3.29%
87.0th percentile
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.

Affected

3 ranges
VendorProductVersion rangeFixed in
debianwebkit2gtk< webkit2gtk 2.24.1-1 (bookworm)webkit2gtk 2.24.1-1 (bookworm)
webkitgtkwebkitgtk< 2.24.12.24.1
wpewebkitwpe_webkit< 2.24.12.24.1

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.