CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46648 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-46648
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. Las versiones de ruby-git anteriores a la v1.13.0 permiten a un atacante remoto autenticado ejecutar un código Ruby arbitrario haciendo que un usuario cargue en el producto un repositorio que contiene un nombre de archivo especialmente manipulado. Esta vulnerabilidad es diferente de CVE-2022-47318. A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. • https://github.com/ruby-git/ruby-git https://github.com/ruby-git/ruby-git/pull/602 https://jvn.jp/en/jp/JVN16765254/index.html https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html https://access.redhat.com/security/cve/CVE-2022-46648 https://bugzilla.redhat.com/show_bug.cgi?id=2169385 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-47318 – ruby-git: code injection vulnerability
https://notcve.org/view.php?id=CVE-2022-47318
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. Las versiones de ruby-git anteriores a v1.13.0 permiten a un atacante remoto autenticado ejecutar un código Ruby arbitrario haciendo que un usuario cargue en el producto un repositorio que contiene un nombre de archivo especialmente manipulado. Esta vulnerabilidad es diferente de CVE-2022-46648. A code injection flaw was found in the ruby-git package. • https://github.com/ruby-git/ruby-git https://github.com/ruby-git/ruby-git/pull/602 https://jvn.jp/en/jp/JVN16765254/index.html https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K https://access.redhat.com/security/cve/CVE-2022-47318 https://bugzilla.redhat.com/show_bug.cgi?id=2159672 • CWE-94: Improper Control of Generation of Code ('Code Injection') •