snykiotcubedev / godot-3.3-stable

MIT License

CVE-2023-4863 (High) detected in multiple libraries #65

Open mend-bolt-for-github[bot] opened 4 months ago

mend-bolt-for-github[bot] commented 4 months ago

CVE-2023-4863 - High Severity Vulnerability

Vulnerable Libraries - libwebpv1.1.0, libwebpv1.1.0, libwebpv1.1.0, libwebpv1.1.0

Vulnerability Details

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Publish Date: 2023-09-12

URL: CVE-2023-4863

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-j7hp-h8jx-5ppr

Release Date: 2023-09-12

Fix Resolution: Pillow - 10.0.1, SkiaSharp - 2.88.6, libwebp-sys - 0.9.3, libwebp-sys, webp - 0.2.62 - 0.1.8, electron - 22.3.24,24.8.3,25.8.1,26.2.1,27.0.0-beta.2

