{ "threat_severity" : "Moderate", "public_date" : "2023-09-28T00:00:00Z", "bugzilla" : { "description" : "webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code", "id" : "2241409", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2241409" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status" : "verified" }, "details" : [ "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.", "A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10364", "cpe" : "cpe:/o:redhat:rhel_els:7", "package" : "webkitgtk4-0:2.48.3-2.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-11-14T00:00:00Z", "advisory" : "RHSA-2023:7055", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "webkit2gtk3-0:2.40.5-1.el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-11-07T00:00:00Z", "advisory" : "RHSA-2023:6535", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "webkit2gtk3-0:2.40.5-1.el9" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "webkitgtk", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "webkitgtk3", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-40451\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40451\nhttps://webkitgtk.org/security/WSA-2023-0009.html" ], "name" : "CVE-2023-40451", "csaw" : false }