CVE-2019-6251
CVSS 3.1: 8.1 (HIGH) | EPSS: 2.4%
Description
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
How to fix CVE-2019-6251
To remediate CVE-2019-6251, upgrade the affected package to a fixed version below.
- Debian/webkit2gtk: upgrade to 2.24.1-1 or later
Is CVE-2019-6251 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/webkit2gtk: from 0, < 2.24.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |