CVE-2022-22637

2022-09-2319:15:11

Alpine Linux Development Team

security.alpinelinux.org

logic issue

macos

safari

watchos

ios

ipados

tvos

cross-origin behavior

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN
Alpine3.16-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN
Alpine3.17-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN
Alpine3.18-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN
Alpine3.19-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN
Alpine3.20-communitynoarchwebkit2gtk< 2.34.4-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN
Alpine	3.16-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN
Alpine	3.17-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN
Alpine	3.18-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN
Alpine	3.19-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN
Alpine	3.20-community	noarch	webkit2gtk	< 2.34.4-r0	UNKNOWN