DSA-5084-1 wpewebkit -- wpewebkitID: oval:org.secpod.oval:def:88336 | Date: (C)2023-03-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22589 Heige and Bo Qu discovered that processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22590 Toan Pham discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-22592 Prakash discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2022-22620 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Product: |
wpewebkit-driver |
libwpewebkit-1.0-3 |
libwpewebkit-1.0-dev |
libwpewebkit-1.0-doc |