{"id":"USN-5561-1","summary":"epiphany-browser vulnerabilities","details":"It was discovered that GNOME Web incorrectly filtered certain strings. A\nremote attacker could use this issue to perform cross-site scripting (XSS)\nattacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085,\nCVE-2021-45086, CVE-2021-45087)\n\nIt was discovered that GNOME Web incorrectly handled certain long page\ntitles. A remote attacker could use this issue to cause GNOME Web to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2022-29536)\n","modified":"2026-02-10T04:42:44Z","published":"2022-08-10T12:21:07Z","related":["UBUNTU-CVE-2021-45085","UBUNTU-CVE-2021-45086","UBUNTU-CVE-2021-45087","UBUNTU-CVE-2022-29536"],"upstream":["CVE-2021-45085","CVE-2021-45086","CVE-2021-45087","CVE-2022-29536","UBUNTU-CVE-2021-45085","UBUNTU-CVE-2021-45086","UBUNTU-CVE-2021-45087","UBUNTU-CVE-2022-29536"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5561-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45085"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45086"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45087"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-29536"}],"affected":[{"package":{"name":"epiphany-browser","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/epiphany-browser@3.36.4-0ubuntu2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.36.4-0ubuntu2"}]}],"versions":["3.34.1-1","3.34.1-1build1","3.36.0-1","3.36.1-1","3.36.2-0ubuntu1","3.36.3-0ubuntu1","3.36.4-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"epiphany-browser","binary_version":"3.36.4-0ubuntu2"},{"binary_name":"epiphany-browser-data","binary_version":"3.36.4-0ubuntu2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-45085","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-45086","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-45087","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-29536","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5561-1.json"}},{"package":{"name":"epiphany-browser","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/epiphany-browser@42.1-1ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"42.1-1ubuntu1"}]}],"versions":["41.0-1","41.0-2","41.2-1","41.3-1","42~beta-1","42.0-1","42.1-1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"epiphany-browser","binary_version":"42.1-1ubuntu1"},{"binary_name":"epiphany-browser-data","binary_version":"42.1-1ubuntu1"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2022-29536","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5561-1.json"}}],"schema_version":"1.7.3"}