CVE-2019-6251 — Improper Input Validation in Webkitgtk
Severity
8.1HIGHNVD
CNA4.3OSV4.3
EPSS
2.4%
top 14.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 14
Latest updateMay 13
Description
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2
Affected Packages4 packages
Also affects: Fedora 28, 29, 30, Ubuntu Linux 18.04, 18.10
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
6Bugzilla▶
CVE-2019-6251 webkit2gtk3: webkitgtk: processing maliciously crafted web content lead to URI spoofing [fedora-all]↗2019-06-06
Bugzilla
▶