CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.001 Low
Percentile: 37.4%
qt6-qtbase is vulnerable to Insecure Handling of Strict-Transport-Security Header. The vulnerability occurs because Qt Network incorrectly parses the Strict-Transport-Security (HSTS) header, which can result in unencrypted connections being established even when the server explicitly prohibits them.
codereview.qt-project.org/c/qt/qtbase/+/476140
github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305
lists.debian.org/debian-lts-announce/2024/04/msg00027.html
lists.qt-project.org/pipermail/announce/2023-May/000414.html
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml