PYSEC-2022-162
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/weblate/PYSEC-2022-162.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2022-162
- Aliases
-
- BIT-weblate-2022-23915
- CVE-2022-23915
- CVE-2022-24727
- GHSA-3872-f48p-pxqj
- GHSA-h2g5-2rhx-ffgj
- PYSEC-2022-31
- SNYK-PYTHON-WEBLATE-2414088
- Published
- 2022-03-04T17:15:00Z
- Modified
- 2023-12-06T01:02:02.756846Z
- Summary
- [none]
- Details
-
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.
- References
Affected packages
PyPI / weblate
Package
- Name
- weblate
- View open source insights on deps.dev
- Purl
- pkg:pypi/weblate
Affected ranges
- Type
- GIT
- Repo
- https://github.com/WeblateOrg/weblate
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.11.1
Affected versions
1.*
1.9
2.*
2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.10.1
2.11
2.12
2.13
2.13.1
2.14
2.14.1
2.15
2.16
2.17
2.17.1
2.18
2.19
2.19.1
2.20
3.*
3.0
3.0.1
3.1
3.1.1
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.5.1
3.6
3.6.1
3.7
3.7.1
3.8
3.9
3.9.1
3.10
3.10.1
3.10.2
3.10.3
3.11
3.11.1
3.11.2
3.11.3
4.*
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1
4.1.1
4.2
4.2.1
4.2.2
4.3
4.3.1
4.3.2
4.4
4.4.1
4.4.2
4.5
4.5.1
4.5.2
4.5.3
4.6
4.6.1
4.6.2
4.7
4.7.1
4.7.2
4.8
4.8.1
4.9
4.9.1
4.10
4.10.1
4.11