CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	15.3 (excluding)
Ipados	Apple	*	15.3 (excluding)
Iphone_os	Apple	*	15.3 (excluding)
Mac_os_x	Apple	10.15 (including)	10.15.7 (excluding)
Mac_os_x	Apple	10.15.7 (including)	10.15.7 (including)
Mac_os_x	Apple	10.15.7-security_update_2020 (including)	10.15.7-security_update_2020 (including)
Mac_os_x	Apple	10.15.7-security_update_2020-001 (including)	10.15.7-security_update_2020-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2020-005 (including)	10.15.7-security_update_2020-005 (including)
Mac_os_x	Apple	10.15.7-security_update_2020-007 (including)	10.15.7-security_update_2020-007 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-001 (including)	10.15.7-security_update_2021-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-002 (including)	10.15.7-security_update_2021-002 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-003 (including)	10.15.7-security_update_2021-003 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-006 (including)	10.15.7-security_update_2021-006 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-007 (including)	10.15.7-security_update_2021-007 (including)
Mac_os_x	Apple	10.15.7-security_update_2021-008 (including)	10.15.7-security_update_2021-008 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-001 (including)	10.15.7-security_update_2022-001 (including)
Mac_os_x	Apple	10.15.7-security_update_2022-002 (including)	10.15.7-security_update_2022-002 (including)
Mac_os_x	Apple	10.15.7-supplemental_update (including)	10.15.7-supplemental_update (including)
Macos	Apple	11.0 (including)	11.6.6 (excluding)
Macos	Apple	12.0.0 (including)	12.2 (excluding)
Tvos	Apple	*	15.3 (excluding)
Watchos	Apple	*	8.4 (excluding)
Red Hat Enterprise Linux 8	RedHat	webkit2gtk3-0:2.34.6-1.el8	*
Qtwebkit-opensource-src	Ubuntu	bionic	*
Qtwebkit-opensource-src	Ubuntu	devel	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/bionic	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/focal	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/jammy	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/noble	*
Qtwebkit-opensource-src	Ubuntu	esm-infra/xenial	*
Qtwebkit-opensource-src	Ubuntu	focal	*
Qtwebkit-opensource-src	Ubuntu	impish	*
Qtwebkit-opensource-src	Ubuntu	jammy	*
Qtwebkit-opensource-src	Ubuntu	kinetic	*
Qtwebkit-opensource-src	Ubuntu	lunar	*
Qtwebkit-opensource-src	Ubuntu	mantic	*
Qtwebkit-opensource-src	Ubuntu	noble	*
Qtwebkit-opensource-src	Ubuntu	trusty	*
Qtwebkit-opensource-src	Ubuntu	upstream	*
Qtwebkit-opensource-src	Ubuntu	xenial	*
Qtwebkit-source	Ubuntu	bionic	*
Qtwebkit-source	Ubuntu	esm-apps/bionic	*
Qtwebkit-source	Ubuntu	esm-apps/xenial	*
Qtwebkit-source	Ubuntu	trusty	*
Qtwebkit-source	Ubuntu	xenial	*
Webkit2gtk	Ubuntu	bionic	*
Webkit2gtk	Ubuntu	devel	*
Webkit2gtk	Ubuntu	esm-infra/bionic	*
Webkit2gtk	Ubuntu	esm-infra/xenial	*
Webkit2gtk	Ubuntu	focal	*
Webkit2gtk	Ubuntu	impish	*
Webkit2gtk	Ubuntu	jammy	*
Webkit2gtk	Ubuntu	kinetic	*
Webkit2gtk	Ubuntu	lunar	*
Webkit2gtk	Ubuntu	mantic	*
Webkit2gtk	Ubuntu	noble	*
Webkit2gtk	Ubuntu	upstream	*
Webkit2gtk	Ubuntu	xenial	*
Webkitgtk	Ubuntu	bionic	*
Webkitgtk	Ubuntu	esm-apps/bionic	*
Webkitgtk	Ubuntu	esm-apps/xenial	*
Webkitgtk	Ubuntu	trusty	*
Webkitgtk	Ubuntu	xenial	*
Wpewebkit	Ubuntu	esm-apps/focal	*
Wpewebkit	Ubuntu	esm-apps/jammy	*
Wpewebkit	Ubuntu	focal	*
Wpewebkit	Ubuntu	impish	*
Wpewebkit	Ubuntu	jammy	*
Wpewebkit	Ubuntu	trusty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-22589
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References