CVE-2021-42762 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Sandbox escape
Description	BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2484	wpewebkit	2.32.4-1	2.34.1-1	Medium	Fixed
AVG-2483	webkit2gtk	2.32.4-1	2.34.1-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
29 Oct 2021	ASA-202110-9	AVG-2483	webkit2gtk	Medium	multiple issues
29 Oct 2021	ASA-202110-10	AVG-2484	wpewebkit	Medium	multiple issues

References
https://webkitgtk.org/security/WSA-2021-0006.html#CVE-2021-42762 https://bugs.webkit.org/show_bug.cgi?id=231479 https://trac.webkit.org/changeset/284451/webkit