UBUNTU-CVE-2019-8674

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-8674

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-8674.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-8674

Upstream

CVE-2019-8674

Published

2019-12-18T18:15:00Z

Modified

2025-07-16T07:40:22.232035Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.

References

Affected packages

Ubuntu:Pro:16.04:LTS / qtwebkit-opensource-src

Package

Name: qtwebkit-opensource-src
Purl: pkg:deb/ubuntu/qtwebkit-opensource-src@5.5.1+dfsg-2ubuntu1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.2+dfsg-1ubuntu2.1

5.5.1+dfsg-2ubuntu1

Ubuntu:Pro:16.04:LTS / webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/ubuntu/webkit2gtk@2.20.5-0ubuntu0.16.04.1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.8.5+dfsg1-3

2.10.3+dfsg1-1

2.10.4+dfsg1-1

2.10.5-1

2.10.6-1

2.10.6-1ubuntu1

2.10.8-1ubuntu1

2.10.9-1ubuntu1

2.12.5-0ubuntu0.16.04.1

2.14.2-0ubuntu0.16.04.1

2.14.3-0ubuntu0.16.04.1

2.14.5-0ubuntu0.16.04.1

2.16.1-0ubuntu0.16.04.1

2.16.1-0ubuntu0.16.04.2

2.16.2-0ubuntu0.16.04.1

2.16.3-0ubuntu0.16.04.1

2.16.6-0ubuntu0.16.04.1

2.18.0-0ubuntu0.16.04.2

2.18.3-0ubuntu0.16.04.1

2.18.4-0ubuntu0.16.04.1

2.18.5-0ubuntu0.16.04.1

2.18.6-0ubuntu0.16.04.1

2.20.1-0ubuntu0.16.04.1

2.20.2-0ubuntu0.16.04.1

2.20.3-0ubuntu0.16.04.1

2.20.5-0ubuntu0.16.04.1

Ubuntu:Pro:16.04:LTS / qtwebkit-source

Package

Name: qtwebkit-source
Purl: pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu11?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.2-0ubuntu10

2.3.2-0ubuntu11

Ubuntu:Pro:16.04:LTS / webkitgtk

Package

Name: webkitgtk
Purl: pkg:deb/ubuntu/webkitgtk@2.4.11-0ubuntu0.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.9-2ubuntu2

2.4.10-0ubuntu1

2.4.11-0ubuntu0.1

Ubuntu:18.04:LTS / webkit2gtk

Package

Name: webkit2gtk
Purl: pkg:deb/ubuntu/webkit2gtk@2.24.4-0ubuntu0.18.04.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.24.4-0ubuntu0.18.04.1

Affected versions

2.*

2.18.0-2

2.18.0-2build1

2.18.2-1

2.18.3-1

2.18.4-1

2.18.6-1

2.19.91-1ubuntu1

2.19.92-1

2.20.0-1

2.20.0-2

2.20.0-2ubuntu1

2.20.1-1

2.20.2-0ubuntu0.18.04.1

2.20.3-0ubuntu0.18.04.1

2.20.5-0ubuntu0.18.04.1

2.22.2-0ubuntu0.18.04.1

2.22.2-0ubuntu0.18.04.2

2.22.4-0ubuntu0.18.04.1

2.22.5-0ubuntu0.18.04.1

2.22.6-0ubuntu0.18.04.1

2.24.1-0ubuntu0.18.04.1

2.24.2-0ubuntu0.18.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "gir1.2-javascriptcoregtk-4.0",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "gir1.2-webkit2-4.0",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libjavascriptcoregtk-4.0-18",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libjavascriptcoregtk-4.0-18-dbgsym",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libjavascriptcoregtk-4.0-bin",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libjavascriptcoregtk-4.0-bin-dbgsym",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libjavascriptcoregtk-4.0-dev",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-37",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-37-dbgsym",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-37-gtk2",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-37-gtk2-dbgsym",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-dev",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "libwebkit2gtk-4.0-doc",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "webkit2gtk-driver",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        },
        {
            "binary_name": "webkit2gtk-driver-dbgsym",
            "binary_version": "2.24.4-0ubuntu0.18.04.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / qtwebkit-opensource-src

Package

Name: qtwebkit-opensource-src
Purl: pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha2-7ubuntu1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.9.1+dfsg-5ubuntu1

5.9.1+dfsg-5ubuntu3

5.212.0~alpha2-5build2

5.212.0~alpha2-5build4

5.212.0~alpha2-7

5.212.0~alpha2-7build2

5.212.0~alpha2-7ubuntu1

Ubuntu:Pro:18.04:LTS / qtwebkit-source

Package

Name: qtwebkit-source
Purl: pkg:deb/ubuntu/qtwebkit-source@2.3.2-0ubuntu13?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.2-0ubuntu13

Ubuntu:Pro:18.04:LTS / webkitgtk

Package

Name: webkitgtk
Purl: pkg:deb/ubuntu/webkitgtk@2.4.11-3ubuntu3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.11-3

2.4.11-3ubuntu2

2.4.11-3ubuntu3

Ubuntu:Pro:20.04:LTS / qtwebkit-opensource-src

Package

Name: qtwebkit-opensource-src
Purl: pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-1ubuntu2.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.212.0~alpha3-3

5.212.0~alpha3-5

5.212.0~alpha3-6

5.212.0~alpha3-7

5.212.0~alpha4-1

5.212.0~alpha4-1ubuntu1

5.212.0~alpha4-1ubuntu2

5.212.0~alpha4-1ubuntu2.1

Ubuntu:22.04:LTS / qtwebkit-opensource-src

Package

Name: qtwebkit-opensource-src
Purl: pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-15ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.212.0~alpha4-12

5.212.0~alpha4-13

5.212.0~alpha4-14

5.212.0~alpha4-14build1

5.212.0~alpha4-14ubuntu2

5.212.0~alpha4-15ubuntu1

Ubuntu:24.04:LTS / qtwebkit-opensource-src

Package

Name: qtwebkit-opensource-src
Purl: pkg:deb/ubuntu/qtwebkit-opensource-src@5.212.0~alpha4-36?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.212.0~alpha4-33

5.212.0~alpha4-33build1

5.212.0~alpha4-34

5.212.0~alpha4-34ubuntu3

5.212.0~alpha4-34ubuntu4

5.212.0~alpha4-36