CVE-2022-46648

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-46648

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46648.json

Aliases

GHSA-pfpr-3463-c6jh

Related

DLA-3303-1
RLSA-2023:6818

Published

2023-01-17T10:15:11Z

Modified

2023-11-29T09:58:52.750723Z

Details

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.

References

https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html
https://github.com/ruby-git/ruby-git/pull/602
https://github.com/ruby-git/ruby-git
https://jvn.jp/en/jp/JVN16765254/index.html

Affected packages

Git / github.com/ruby-git/ruby-git

Affected ranges

Type: GIT
Repo: https://github.com/ruby-git/ruby-git
Events: Introduced

0The exact introduced commit is unknown

Fixed

ca8ff350a63172630b8e9e919e02a0ce8e7a7a6d

Affected versions

1.*

1.0.3

1.0.5

1.0.5.1

v1.*

v1.0.7

v1.10.0

v1.11.0

v1.12.0

v1.2.0

v1.2.1

v1.2.10

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.2.9.1

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.8.1

v1.9.0

v1.9.1