CVE-2022-22589

Name
CVE-2022-22589
Description
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary JavaScript.
NVD Severity
medium

References

Type URI
MISC https://support.apple.com/en-us/HT213058
MISC https://support.apple.com/en-us/HT213059
MISC https://support.apple.com/en-us/HT213057
MISC https://support.apple.com/en-us/HT213054
MISC https://support.apple.com/en-us/HT213053
CONFIRM https://support.apple.com/kb/HT213255
CONFIRM https://support.apple.com/kb/HT213256
FULLDISC http://seclists.org/fulldisclosure/2022/May/33
FULLDISC http://seclists.org/fulldisclosure/2022/May/35
CONFIRM https://support.apple.com/kb/HT213185
Third Party Advisory https://security.gentoo.org/glsa/202208-39

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* safari >= None < 15.3
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* ipados >= None < 15.3
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* iphone_os >= None < 15.3
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* macos >= 12.0.0 < 12.2
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* tvos >= None < 15.3
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* watchos >= None < 8.4
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* mac_os_x >= 10.15 < 10.15.7
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* mac_os_x == None == 10.15.7
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* macos >= 11.0 < 11.6.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status