{
  "threat_severity" : "Moderate",
  "public_date" : "2024-09-25T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: A malicious website may cause unexpected cross-origin behavior",
    "id" : "2314696",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2314696"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-942",
  "details" : [ "A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.", "A flaw was found in WebKit. This flaw allows a remote attacker to trigger unexpected cross-origin behavior via a malicious website." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-14T00:00:00Z",
    "advisory" : "RHSA-2024:9636",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.46.3-1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-04-30T00:00:00Z",
    "advisory" : "RHSA-2024:2126",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "webkit2gtk3-0:2.42.5-1.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-23271\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-23271\nhttps://webkitgtk.org/security/WSA-2024-0005.html" ],
  "name" : "CVE-2024-23271",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}