DSA-5083-1 webkit2gtk -- webkit2gtkID: oval:org.secpod.oval:def:78389 | Date: (C)2022-03-29 (M)2024-05-16 |
Class: PATCH | Family: unix |
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-22589 Heige and Bo Qu discovered that processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22590 Toan Pham discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-22592 Prakash discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2022-22620 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Product: |
webkit2gtk-driver |
gir1.2-javascriptcoregtk-4.0 |
gir1.2-webkit2-4.0 |
libjavascriptcoregtk-4.0-18 |
libjavascriptcoregtk-4.0-bin |
libjavascriptcoregtk-4.0-dev |
libwebkit2gtk-4.0-37 |
libwebkit2gtk-4.0-dev |
libwebkit2gtk-4.0-doc |