XAML injection In gnome-shell
Description
A flaw was found In gnome-shell. The GNOME Network Manager and GNOME Shell Portal Helper connectivity checks send DNS checks that, if intercepted, may be used to launch a GNOME Captive Portal in a WebKitGTK browser and load arbitrary HTML and Javascript code.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package |
|---|---|
 rpm rhel10 | |
rpm rhel7 | |
rpm rhel8 | |
rpm rhel9 |
Aliases
1. 2. 3.