vulnerability
Oracle Linux: CVE-2021-30897: ELSA-2022-1777: webkit2gtk3 security, bug fix, and enhancement update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Dec 20, 2021 | May 18, 2022 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Dec 20, 2021
Added
May 18, 2022
Modified
Dec 3, 2025
Description
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.
A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration.
A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration.
Solutions
oracle-linux-upgrade-webkit2gtk3oracle-linux-upgrade-webkit2gtk3-develoracle-linux-upgrade-webkit2gtk3-jscoracle-linux-upgrade-webkit2gtk3-jsc-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.