Information Exposure Affecting webkitgtk package, versions [,2.38.0)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.18% (56th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-WEBKITGTK-3105853
  • published7 Nov 2022
  • disclosed31 Oct 2022
  • creditWonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab.

Introduced: 31 Oct 2022

CVE-2022-32923  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade webkitgtk to version 2.38.0 or higher.

Overview

Affected versions of this package are vulnerable to Information Exposure when processing maliciously crafted web content. This can lead to disclosing the internal states of the app.

CVSS Scores

version 3.1