CVE-2019-11070
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-11070
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11070.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-11070
- Related
- Published
- 2019-04-10T21:29:01Z
- Modified
- 2024-09-11T02:00:06Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
- References
-
- https://seclists.org/bugtraq/2019/Apr/21
- https://security.gentoo.org/glsa/201909-05
- https://trac.webkit.org/changeset/243197/webkit
- https://bugs.webkit.org/show_bug.cgi?id=193718
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html
- http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html
- http://www.openwall.com/lists/oss-security/2019/04/11/1
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/
- https://usn.ubuntu.com/3948-1/
- https://security-tracker.debian.org/tracker/CVE-2019-11070
Affected packages
Debian:11 / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/debian/webkit2gtk?arch=source
Debian:12 / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/debian/webkit2gtk?arch=source
Debian:13 / webkit2gtk
Package
- Name
- webkit2gtk
- Purl
- pkg:deb/debian/webkit2gtk?arch=source