{"affected":[{"ecosystem_specific":{"binaries":[{"libjavascriptcoregtk-4_0-18":"2.32.4-lp152.2.19.1","libjavascriptcoregtk-4_0-18-32bit":"2.32.4-lp152.2.19.1","libwebkit2gtk-4_0-37":"2.32.4-lp152.2.19.1","libwebkit2gtk-4_0-37-32bit":"2.32.4-lp152.2.19.1","libwebkit2gtk3-lang":"2.32.4-lp152.2.19.1","typelib-1_0-JavaScriptCore-4_0":"2.32.4-lp152.2.19.1","typelib-1_0-WebKit2-4_0":"2.32.4-lp152.2.19.1","typelib-1_0-WebKit2WebExtension-4_0":"2.32.4-lp152.2.19.1","webkit-jsc-4":"2.32.4-lp152.2.19.1","webkit2gtk-4_0-injected-bundles":"2.32.4-lp152.2.19.1","webkit2gtk3-devel":"2.32.4-lp152.2.19.1","webkit2gtk3-minibrowser":"2.32.4-lp152.2.19.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"webkit2gtk3","purl":"pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.32.4-lp152.2.19.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for webkit2gtk3 fixes the following issues:\n\n- Update to version 2.32.4\n- CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. (bsc#1190701)\n- CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted HTML web page. (bsc#1188697)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.","id":"openSUSE-SU-2021:1369-1","modified":"2021-10-18T12:13:24Z","published":"2021-10-18T12:13:24Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X4HF2CMDLYL7MPNIXI64QMEMC75KZUZA/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188697"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190701"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-21806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-30858"}],"related":["CVE-2021-21806","CVE-2021-30858"],"summary":"Security update for webkit2gtk3","upstream":["CVE-2021-21806","CVE-2021-30858"]}