{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "12.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "15.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "watchOS", "vendor": "Apple", "versions": [{"lessThan": "8.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-01T02:06:58", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213053"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213054"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213057"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213059"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT213058"}, {"name": "GLSA-202208-39", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-39"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2022-22592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.3"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "12.2"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.3"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "15.3"}]}}, {"product_name": "watchOS", "version": {"version_data": [{"version_affected": "<", "version_value": "8.4"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT213053", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213053"}, {"name": "https://support.apple.com/en-us/HT213054", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213054"}, {"name": "https://support.apple.com/en-us/HT213057", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213057"}, {"name": "https://support.apple.com/en-us/HT213059", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213059"}, {"name": "https://support.apple.com/en-us/HT213058", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT213058"}, {"name": "GLSA-202208-39", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-39"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.777Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213053"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213054"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213057"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213059"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT213058"}, {"name": "GLSA-202208-39", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-39"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2022-22592", "datePublished": "2022-03-18T17:59:24", "dateReserved": "2022-01-05T00:00:00", "dateUpdated": "2024-08-03T03:14:55.777Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "556E3C87-7083-4145-8D61-C8F9A1EBC440", "versionEndExcluding": "15.3", "vulnerable": true}, {"criteria": "cpe:2.3:h:apple:iphone:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BF2DFCA-CB24-4FA9-924A-CFF03A808213", "versionEndExcluding": "15.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB2F6E42-576E-41AE-AA8A-606A3FF1A649", "versionEndExcluding": "15.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BD8A840-1C3E-4D4B-B497-250712283BCC", "versionEndExcluding": "12.2", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E0EC801-1226-4B8E-805C-192CFDCEACF5", "versionEndExcluding": "15.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEEE128B-D9D6-452A-B4D1-5BAD1F7BB26A", "versionEndExcluding": "8.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."}, {"lang": "es", "value": "Se abord\u00f3 un problema de l\u00f3gica con una administraci\u00f3n de estados mejorada. Este problema es corregido en iOS versi\u00f3n 15.3 y iPadOS versi\u00f3n 15.3, watchOS versi\u00f3n 8.4, tvOS versi\u00f3n 15.3, Safari versi\u00f3n 15.3, macOS Monterey versi\u00f3n 12.2. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede impedir que se aplique la Pol\u00edtica de Seguridad de Contenidos"}], "id": "CVE-2022-22592", "lastModified": "2022-09-09T20:43:07.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-18T18:15:12.760", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-39"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213053"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213054"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213057"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213058"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213059"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1777", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.34.6-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced", "id": "2053185", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053185"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-1021", "details": ["A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", "A vulnerability was found in WebKitGTK. The flaw exists due to a logic issue when processing HTML content in WebKit. This flaw allows a remote attacker to create a specially crafted web page, trick the victim into visiting it, and prevent the Content Security Policy from being enforced, allowing the remote attacker to bypass implemented security restrictions."], "name": "CVE-2022-22592", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-02-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-22592\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22592\nhttps://webkitgtk.org/security/WSA-2022-0002.html"], "statement": "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\nRed Hat Product Security has rated this issue as having a Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}