Alpine: webkit2gtk: security update to 2.28.3-r0

critical Tenable Cloud Security Plugin ID 427521

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,
tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for
Windows 7.19. A remote attacker may be able to cause arbitrary code execution. (CVE-2020-9850)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,
tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for
Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
(CVE-2020-9802)

- A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and
iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows
11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code
execution. (CVE-2020-9803)

- A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5,
tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for
Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.
(CVE-2020-9805)

- A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5
and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows
11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code
execution. (CVE-2020-9806)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-13753

https://security.alpinelinux.org/vuln/CVE-2020-9802

https://security.alpinelinux.org/vuln/CVE-2020-9803

https://security.alpinelinux.org/vuln/CVE-2020-9805

https://security.alpinelinux.org/vuln/CVE-2020-9806

https://security.alpinelinux.org/vuln/CVE-2020-9807

https://security.alpinelinux.org/vuln/CVE-2020-9843

https://security.alpinelinux.org/vuln/CVE-2020-9850

https://security.alpinelinux.org/vuln/CVE-2020-9952

Plugin Details

Severity: Critical

ID: 427521

Version: Revision 1.6

Type: Local

Published: 5/16/2025

Updated: 5/14/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Percentile: 99.76

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-9850

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2020-13753

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/28/2020

Exploitable With

Metasploit (Safari in Operator Side Effect Exploit)

Reference Information

CVE: CVE-2020-13753, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9952