Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: webkitgtk_4_1

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2025-66286
4.7 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
created 3 weeks, 1 day ago Activity log
  • Created suggestion 3 weeks, 1 day ago
Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

References

Affected products

webkitgtk
webkitgtk3
webkitgtk4
webkit2gtk3

Matching in nixpkgs

Package maintainers

Published
Permalink CVE-2025-13502
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 months, 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 5 months, 2 weeks ago
  • @LeSuisse ignored
    5 packages
    • tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-4.0"
    • obs-studio-plugins.obs-webkitgtk
    • haskellPackages.webkit2gtk3-javascriptcore
    • tests.pkg-config.defaultPkgConfigPackages."javascriptcoregtk-4.0"
    • tests.pkg-config.defaultPkgConfigPackages."webkit2gtk-web-extension-4.0"
    4 months, 4 weeks ago
  • @LeSuisse deleted
    4 maintainers
    • @jtojnar
    • @bobby285271
    • @hedning
    • @dasj19
    4 months, 4 weeks ago maintainer.delete
  • @LeSuisse accepted 4 months, 4 weeks ago
  • @LeSuisse published on GitHub 4 months, 4 weeks ago
Webkit: webkitgtk / wpe webkit: out-of-bounds read and integer underflow vulnerability leading to dos

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.

References

Affected products

webkitgtk
  • <2.50.2
webkitgtk3
webkitgtk4
  • *
webkit2gtk3
  • *

Matching in nixpkgs

Ignored packages (5)

Package maintainers

Ignored maintainers (4)