Vulnerability DatabaseCVE-2021-30897

CVE-2021-30897:
Rocky Linux vulnerability analysis and mitigation

Overview

CVE-2021-30897 is a security vulnerability discovered in the resource timing API specification and its implementation. The issue was fixed in macOS Monterey 12.0.1, iOS 15, iPadOS 15, and tvOS 15. The vulnerability was reported by an anonymous researcher and affects WebKit, Apple's browser engine (Apple Support, Apple Support, Apple Support).

Technical details

The vulnerability exists in the specification for the resource timing API. The issue allows a malicious website to exfiltrate data cross-origin. Apple addressed this vulnerability by updating the specification and implementing the updated specification. The vulnerability has a CVSS v3.1 base score of 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

Impact

If exploited, this vulnerability could allow a malicious website to perform cross-origin data exfiltration, potentially exposing sensitive user information across different web origins (Apple Support).

Mitigation and workarounds

The vulnerability was patched in macOS Monterey 12.0.1, iOS 15, iPadOS 15, and tvOS 15. Users should update their devices to these versions or later to protect against this vulnerability (Apple Support, Apple Support, Apple Support).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.5

Score

Published August 24, 2021

Severity MEDIUM

CNA Score N/A

Affected Technologies

Rocky Linux
Alma Linux

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 48.5

Exploitation Probability (EPSS) 0.3

Affected packages and libraries

webkit2gtk3-jsc-devel
libwebkit2gtk-4_0-37-32bit

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Jul 20, 2022
Alpine Security Tracker
- Alpine 3.16 Severity MEDIUMHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity MEDIUMHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity MEDIUMHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity MEDIUMHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity MEDIUMHas FixAdded at: May 26, 2024
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Red Hat Errata
- Red Hat 6, 7 Severity MEDIUMNo FixAdded at: Jan 13, 2022
- Red Hat 8 Severity MEDIUMHas FixAdded at: Jan 13, 2022
Rocky Linux Product Errata
- Rocky 8 Has FixAdded at: May 14, 2023
Ubuntu Security Tracker
- Ubuntu 20.04, 21.04 Severity MEDIUMHas FixAdded at: Jan 05, 2022
- Ubuntu 21.10, 22.04, 22.10 Severity MEDIUMHas FixAdded at: Nov 01, 2022
- Ubuntu 23.04 Severity MEDIUMHas FixAdded at: May 14, 2023
- Ubuntu 23.10 Severity MEDIUMHas FixAdded at: Oct 31, 2023
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: May 06, 2024

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Rocky Linux vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13699	HIGH	7	MariaDB Server	mariadb1011-server-utils	No	Yes	Dec 23, 2025
CVE-2025-43541	MEDIUM	4.3	Apple Safari	webkitgtk-devel	No	Yes	Dec 17, 2025
CVE-2025-43536	MEDIUM	4.3	Apple Safari	WebKitGTK-6.0-lang	No	Yes	Dec 17, 2025
CVE-2025-43535	MEDIUM	4.3	Apple Safari	webkit2gtk-4_1-injected-bundles	No	Yes	Dec 17, 2025
CVE-2025-61594	LOW	2.7	Ruby	rubygem-bundler-doc	No	Yes	Dec 30, 2025