CVE-2022-46648
ruby-git: code injection vulnerability
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318.
A flaw was found in the ruby-git package, which allows a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw. An attacker can execute arbitrary code on the system by using a specially-crafted filename in the repository.
Timeline
- 2022-12-28 CVE Reserved
- 2023-01-17 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-07 EPSS Updated
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (6)
URL | Tag | Source
---|---|---
https://github.com/ruby-git/ruby-git | Product |
https://jvn.jp/en/jp/JVN16765254/index.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html | Mailing List |

URL | Date | SRC
---|---|---
https://github.com/ruby-git/ruby-git/pull/602 | 2023-02-02 |

URL | Date | SRC
---|---|---
https://access.redhat.com/security/cve/CVE-2022-46648 | 2023-11-08 |
https://bugzilla.redhat.com/show_bug.cgi?id=2169385 | 2023-11-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Ruby-git Project | Ruby-git | < 1.13.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected