CVE-2022-46648
Summary
| CVE | CVE-2022-46648 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-01-17 10:15:00 UTC |
|---|
| Updated | 2023-02-02 18:45:00 UTC |
|---|
| Description | ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| GitHub - ruby-git/ruby-git: Ruby/Git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. |
MISC |
github.com |
|
| In ls-files do not unescape file paths with eval by jcouball · Pull Request #602 · ruby-git/ruby-git · GitHub |
MISC |
github.com |
|
| JVN#16765254: Multiple code injection vulnerabilities in ruby-git |
MISC |
jvn.jp |
|
| [SECURITY] [DLA 3303-1] ruby-git security update |
MLIST |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181523 Debian Security Update for ruby-git (DLA 3303-1)
- 184156 Debian Security Update for ruby-git (CVE-2022-46648)
- 242229 Red Hat Update for Satellite 6.11.5.6 (RHSA-2023:5980)
- 242230 Red Hat Update for Satellite 6.12.5.2 (RHSA-2023:5979)
- 242347 Red Hat Update for Satellite 6.14 (RHSA-2023:6818)
- 242363 Red Hat Update for Satellite 6.13.5 (RHSA-2023:5931)
- 961065 Rocky Linux Security Update for Satellite (RLSA-2023:6818)
