UBUNTU-CVE-2021-42762
- Source
- https://ubuntu.com/security/CVE-2021-42762
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-42762.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-42762
- Upstream
- Downstream
- Related
- Published
- 2021-10-20T19:15:00Z
- Modified
- 2025-09-08T16:47:23Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.5.1+dfsg-2ubuntu1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "libqt5webkit5"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "libqt5webkit5-dev"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "libqt5webkit5-qmlwebkitplugin"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "qml-module-qtwebkit"
},
{
"binary_version": "5.5.1+dfsg-2ubuntu1",
"binary_name": "qtwebkit5-doc-html"
}
]
}
Ubuntu:Pro:16.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.20.5-0ubuntu0.16.04.1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.8.5+dfsg1-3
2.10.3+dfsg1-1
2.10.4+dfsg1-1
2.10.5-1
2.10.6-1
2.10.6-1ubuntu1
2.10.8-1ubuntu1
2.10.9-1ubuntu1
2.12.5-0ubuntu0.16.04.1
2.14.2-0ubuntu0.16.04.1
2.14.3-0ubuntu0.16.04.1
2.14.5-0ubuntu0.16.04.1
2.16.1-0ubuntu0.16.04.1
2.16.1-0ubuntu0.16.04.2
2.16.2-0ubuntu0.16.04.1
2.16.3-0ubuntu0.16.04.1
2.16.6-0ubuntu0.16.04.1
2.18.0-0ubuntu0.16.04.2
2.18.3-0ubuntu0.16.04.1
2.18.4-0ubuntu0.16.04.1
2.18.5-0ubuntu0.16.04.1
2.18.6-0ubuntu0.16.04.1
2.20.1-0ubuntu0.16.04.1
2.20.2-0ubuntu0.16.04.1
2.20.3-0ubuntu0.16.04.1
2.20.5-0ubuntu0.16.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "gir1.2-javascriptcoregtk-4.0"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "gir1.2-webkit2-4.0"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-18"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-bin"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libjavascriptcoregtk-4.0-dev"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-37-gtk2"
},
{
"binary_version": "2.20.5-0ubuntu0.16.04.1",
"binary_name": "libwebkit2gtk-4.0-dev"
}
]
}
Ubuntu:Pro:16.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu11?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:16.04:LTS / webkitgtk
Package
- Name
- webkitgtk
- Purl
- pkg:deb/ubuntu/webkitgtk@2.4.11-0ubuntu0.1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-javascriptcoregtk-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-webkit-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "gir1.2-webkit2-3.0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-1.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-1.0-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-3.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-3.0-bin"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libjavascriptcoregtk-3.0-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkit-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkit2gtk-3.0-25"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkit2gtk-3.0-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-1.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-1.0-common"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-3.0-0"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-3.0-common"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-3.0-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-common-dev"
},
{
"binary_version": "2.4.11-0ubuntu0.1",
"binary_name": "libwebkitgtk-dev"
}
]
}
Ubuntu:Pro:18.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha2-7ubuntu1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.9.1+dfsg-5ubuntu1
5.9.1+dfsg-5ubuntu3
5.212.0~alpha2-5build2
5.212.0~alpha2-5build4
5.212.0~alpha2-7
5.212.0~alpha2-7build2
5.212.0~alpha2-7ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "5.212.0~alpha2-7ubuntu1",
"binary_name": "libqt5webkit5"
},
{
"binary_version": "5.212.0~alpha2-7ubuntu1",
"binary_name": "libqt5webkit5-dev"
},
{
"binary_version": "5.212.0~alpha2-7ubuntu1",
"binary_name": "qml-module-qtwebkit"
},
{
"binary_version": "5.212.0~alpha2-7ubuntu1",
"binary_name": "qtwebkit5-doc-html"
}
]
}
Ubuntu:Pro:18.04:LTS / qtwebkit-source
Package
- Name
- qtwebkit-source
- Purl
- pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu13?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / webkitgtk
Package
- Name
- webkitgtk
- Purl
- pkg:deb/ubuntu/webkitgtk@2.4.11-3ubuntu3?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "gir1.2-javascriptcoregtk-3.0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "gir1.2-webkit-3.0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libjavascriptcoregtk-1.0-0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libjavascriptcoregtk-1.0-dev"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libjavascriptcoregtk-3.0-0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libjavascriptcoregtk-3.0-bin"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libjavascriptcoregtk-3.0-dev"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libwebkitgtk-1.0-0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libwebkitgtk-3.0-0"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libwebkitgtk-3.0-dev"
},
{
"binary_version": "2.4.11-3ubuntu3",
"binary_name": "libwebkitgtk-dev"
}
]
}
Ubuntu:20.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.34.1-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.1-0ubuntu0.20.04.1
Affected versions
2.*
2.26.1-3
2.26.2-1
2.26.3-1ubuntu2
2.26.4-1ubuntu1
2.28.0-1ubuntu2
2.28.1-1
2.28.2-0ubuntu0.20.04.1
2.28.3-0ubuntu0.20.04.1
2.28.4-0ubuntu0.20.04.1
2.30.3-0ubuntu0.20.04.1
2.30.5-0ubuntu0.20.04.1
2.30.6-0ubuntu0.20.04.1
2.32.0-0ubuntu0.20.04.1
2.32.3-0ubuntu0.20.04.1
2.32.4-0ubuntu0.20.04.1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "gir1.2-javascriptcoregtk-4.0"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "gir1.2-webkit2-4.0"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libjavascriptcoregtk-4.0-18"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libjavascriptcoregtk-4.0-bin"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libjavascriptcoregtk-4.0-dev"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libwebkit2gtk-4.0-37"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libwebkit2gtk-4.0-37-gtk2"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "libwebkit2gtk-4.0-dev"
},
{
"binary_version": "2.34.1-0ubuntu0.20.04.1",
"binary_name": "webkit2gtk-driver"
}
],
"availability": "No subscription required"
}
Ubuntu:Pro:20.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-1ubuntu2.1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:20.04:LTS / wpewebkit
Package
- Name
- wpewebkit
- Purl
- pkg:deb/ubuntu/wpewebkit@2.28.1-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-15ubuntu1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/ubuntu/webkit2gtk@2.34.1-1ubuntu1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.34.1-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "gir1.2-javascriptcoregtk-4.0"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "gir1.2-webkit2-4.0"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "libjavascriptcoregtk-4.0-18"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "libjavascriptcoregtk-4.0-bin"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "libjavascriptcoregtk-4.0-dev"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "libwebkit2gtk-4.0-37"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "libwebkit2gtk-4.0-dev"
},
{
"binary_version": "2.34.1-1ubuntu1",
"binary_name": "webkit2gtk-driver"
}
],
"availability": "No subscription required"
}
Ubuntu:22.04:LTS / wpewebkit
Package
- Name
- wpewebkit
- Purl
- pkg:deb/ubuntu/wpewebkit@2.36.0-2ubuntu3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / qtwebkit-opensource-src
Package
- Name
- qtwebkit-opensource-src
- Purl
- pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-36?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected