Alpine: multiple epiphany packages: security update to 41.3-r0

medium Tenable Self-Hosted Container Security Plugin ID 404229

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as
demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page
on the Most Visited list. (CVE-2021-45085)

- XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's
suggested_filename is used as the pdf_name value in PDF.js. (CVE-2021-45086)

- XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader
mode is used, as demonstrated by a a page title. (CVE-2021-45087)

- XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
(CVE-2021-45088)

See Also

https://security.alpinelinux.org/vuln/CVE-2021-45085

https://security.alpinelinux.org/vuln/CVE-2021-45086

https://security.alpinelinux.org/vuln/CVE-2021-45087

https://security.alpinelinux.org/vuln/CVE-2021-45088

Plugin Details

Severity: Medium

ID: 404229

Version: Revision 1.27

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 8.67

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2021-45088

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/16/2021

Reference Information

CVE: CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088