CVE-2019-8515

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-8515

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8515.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-8515

Related

Published

2019-12-18T18:15:23Z

Modified

2024-09-11T02:00:05Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.

References

Affected packages

Debian:11 / webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/debian/webkit2gtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}