Alpine: webkit2gtk: security update to 2.28.4-r0

critical Tenable Cloud Security Plugin ID 427274

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and
iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows
11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination
or arbitrary code execution. (CVE-2020-9893, CVE-2020-9895)

- A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This
issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for
Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to
command injection. (CVE-2020-9862)

- An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and
iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows
11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination
or arbitrary code execution. (CVE-2020-9894)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-9862

https://security.alpinelinux.org/vuln/CVE-2020-9893

https://security.alpinelinux.org/vuln/CVE-2020-9894

https://security.alpinelinux.org/vuln/CVE-2020-9895

https://security.alpinelinux.org/vuln/CVE-2020-9915

https://security.alpinelinux.org/vuln/CVE-2020-9925

Plugin Details

Severity: Critical

ID: 427274

Version: Revision 1.1

Type: Local

Published: 5/16/2025

Updated: 5/16/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.12

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-9895

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/28/2020

Reference Information

CVE: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925