Home

CVE-2021-30560

Description

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.092

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Google Chrome (x64) (91.0.4472.164)Windows
Multiple vulnerabilities fixed in Google Chrome (91.0.4472.164)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (x64) (91.0.864.71)Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (91.0.864.71)Windows
Vulnerabilities CVE-2021-30560 are fixed in Ruby-nokogiri 1.13.2Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
Multiple vulnerabilities are fixed in Google Chrome For Mac 91.0.4472.164Mac
XSLT processing library (USN-5575-1) libxslt1.1_1.1.29-5ubuntu0.3_i386.debLinux
XSLT processing library (USN-5575-1) libxslt1.1_1.1.29-5ubuntu0.3_amd64.debLinux
XSLT processing library (USN-5575-1) libxslt1.1_1.1.34-4ubuntu0.20.04.1_i386.debLinux
XSLT processing library (USN-5575-1) libxslt1.1_1.1.34-4ubuntu0.20.04.1_amd64.debLinux
XSLT processing library (USN-5575-1) libxslt1.1_1.1.34-4ubuntu0.22.04.1_i386.debLinux
XSLT processing library (USN-5575-1) libxslt1.1_1.1.34-4ubuntu0.22.04.1_amd64.debLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt-debugsource-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt-tools-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt-tools-debuginfo-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt1-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt1-32bit-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt1-debuginfo-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0556-1(SUSE Linux Enterprise Server 12 SP5 ) libxslt1-debuginfo-32bit-1.1.28-17.15.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt-debugsource-1.1.34-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt-devel-1.1.34-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt-tools-debuginfo-1.1.34-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt1-debuginfo-1.1.34-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt1-1.1.34-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:0557-1(Basesystem Module 15-SP4 ) libxslt-tools-1.1.34-150400.3.3.1.x86_64.rpmLinux
libxslt security update(DSA-5216-1) xsltproc_1.1.34-4+deb11u1_amd64.debLinux
libxslt security update(DSA-5216-1) xsltproc_1.1.34-4+deb11u1_i386.debLinux
libxslt security update(DSA-5216-1) libxslt1.1_1.1.34-4+deb11u1_i386.debLinux
libxslt security update(DSA-5216-1) libxslt1.1_1.1.34-4+deb11u1_amd64.debLinux
libxslt security update(DSA-5216-1) libxslt1-dev_1.1.34-4+deb11u1_i386.debLinux
libxslt security update(DSA-5216-1) libxslt1-dev_1.1.34-4+deb11u1_amd64.debLinux
Vulnerabilities CVE-2021-30560 are fixed in Ruby-nokogiri for Linux 1.13.2Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-320549Google Chrome (x64) (91.0.4472.164)
PATCH-320548Google Chrome (91.0.4472.164)
PATCH-109332Microsoft Edge for chromium business (99.0.1150.30) (x64)
PATCH-109333Microsoft Edge for chromium business (99.0.1150.30) (x86)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234