CVE-2022-4768 – Dropbox merou SSH Public Key public_key.py add_public_key injection

https://notcve.org/view.php?id=CVE-2022-4768

27 Dec 2022 — A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. • https://github.com/dropbox/merou/commit/d93087973afa26bc0a2d0a5eb5c0fde748bdd107 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •