CVE-2019-11070
Severity: 5.3 MEDIUM (CVSS 3.1)
EPSS: 1.9%
Description
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
How to fix CVE-2019-11070
To remediate CVE-2019-11070, upgrade the affected package to the fixed version listed below.
- Debian/webkit2gtk: upgrade to 2.24.1-1 or later
Is CVE-2019-11070 being exploited?
Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.24.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |