CVE-2023-22970
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22970
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22970.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22970
Published
2023-05-26T18:15:13Z
Modified
2025-01-15T19:51:02.306243Z
Severity
7.8 (High)
CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
References
https://github.com/bottlesdevs/Bottles/issues/2463
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N24KI3O3FWGKJSLATY35ZM3CHSABJ6WE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJZEE4RAAK7OPVQNE4BOWUVQDVSZU6NJ/
Affected packages
Git / github.com/bottlesdevs/bottles
Affected ranges
Type
GIT
Repo
https://github.com/bottlesdevs/bottles
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
723133c971d115933f7aeb9520c3161e8e9a2d8b
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.8
0.0.9
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.8.1
2.0.9
2.0.9.1
2.0.9.2
2.0.9.3
2.0.9.4
2.0.9.5
2.0.9.6
2.0.9.7
2.0.9.8
2021.*
2021.10.14-treviso
2021.10.14-treviso-1
2021.10.14-treviso-2
2021.10.28-treviso
2021.11.14-treviso
2021.11.14-treviso-1
2021.11.14-treviso-2
2021.11.14-treviso-3
2021.11.14-treviso-4
2021.11.28-treviso
2021.12.14-treviso
2021.12.14-treviso-1
2021.12.14-treviso-2
2021.12.14-treviso-3
2021.12.14-treviso-4
2021.12.28-treviso
2021.7.1-treviso
2021.7.14-treviso
2021.7.2-treviso
2021.7.28-treviso
2021.7.28-treviso-1
2021.7.28-treviso-2
2021.7.3-treviso
2021.8.14-treviso
2021.8.28-treviso
2021.8.28-treviso-1
2021.8.28-treviso-2
2021.8.28-treviso-3
2021.8.28-treviso-4
2021.9.14-treviso
2021.9.28-treviso
2022.*
2022.1.14-trento
2022.1.14-trento-1
2022.1.14-trento-2
2022.1.14-trento-3
2022.1.14-trento-4
2022.1.28-trento
2022.1.28-trento-1
2022.1.28-trento-2
2022.1.28-trento-3
2022.1.28-trento-4
2022.10.14
2022.10.14.1
2022.11.14
2022.12.14
2022.12.14.1
2022.2.14-trento
2022.2.28-trento
2022.2.28-trento-1
2022.2.28-trento-2
2022.2.28-trento-3
2022.2.28-trento-4
2022.3.14-trento
2022.3.14-trento-1
2022.3.14-trento-2
2022.3.14-trento-3
2022.3.28-trento
2022.3.28-trento-1
2022.4.14-trento
2022.4.14-trento-1
2022.4.14-trento-2
2022.4.28-trento
2022.5.14-trento
2022.5.14-trento-1
2022.5.14-trento-2
2022.5.14-trento-3
2022.5.2-trento
2022.5.2-trento-1
2022.5.2-trento-2
2022.5.2-trento-3
2022.5.28-trento
2022.5.28-trento-1
2022.5.28-trento-2
2022.5.28-trento-3
2022.6.14-brescia
2022.6.14-brescia-1
2022.6.28-brescia
2022.7.14-brescia
2022.7.14-brescia-1
2022.7.14-brescia-2
2022.7.14-brescia-3
2022.7.28-brescia
2022.7.28-brescia-1
2022.7.28-brescia-2
2022.8.14-brescia
2022.8.14-brescia-1
2022.8.28-brescia
2022.8.28-brescia-1
2022.8.28-brescia-2
2022.9.28
2022.9.28.1
3.*
3.0
3.0.1
3.0.1.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.7
3.1.8
3.1.9
Other
50
continuous-unstable-gh
nightly
snap
unstable
50.*
50.1