{
  "threat_severity" : "Moderate",
  "public_date" : "2022-02-09T00:00:00Z",
  "bugzilla" : {
    "description" : "webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript",
    "id" : "2053179",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2053179"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1173",
  "details" : [ "A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.", "A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code." ],
  "statement" : "Red Hat Enterprise Linux 6, 7, 8, and 9 are affected because the code-base is affected by this vulnerability.\nRed Hat Product Security has rated this issue as having a Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 6 and 7, hence, marked as Out-of-Support-Scope. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle & Updates Policy: https://access.redhat.com/support/policy/updates/errata/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2025-07-07T00:00:00Z",
    "advisory" : "RHSA-2025:10364",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "webkitgtk4-0:2.48.3-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1777",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "webkit2gtk3-0:2.34.6-1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "webkitgtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "webkit2gtk3",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-22589\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22589\nhttps://webkitgtk.org/security/WSA-2022-0002.html" ],
  "name" : "CVE-2022-22589",
  "csaw" : false
}