DEBIAN-CVE-2024-44187

DEBIAN-CVE-2024-44187 PUBLISHED CVSS 6.5 MEDIUM

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:11	webkit2gtk	2.36.4-1, 2.45.3-1, 2.42.4-1
Debian:12	webkit2gtk	*, 0, 2.40.1-1
Debian:13	webkit2gtk	0, 0
Debian:11	wpewebkit	2.40.4-1, 2.40.2-2, 2.40.1-1
Debian:14	webkit2gtk	0, 0
Debian:12	wpewebkit	2.48.5-1, 2.52.2-2, 2.42.4-1
Debian:13	wpewebkit	0, 0
Debian:14	wpewebkit	0, 0

Timeline

Sep 17, 2024 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-44187 advisory

Open in Interactive Console →