ALT Linux Team

Package gem-git update in sisyphus on 2023-06-21

ALT-PU-2023-2040-2

Package gem-git updated to version 1.18.0-alt1 for branch sisyphus in task 323401.

Closed vulnerabilities

Published: 2024-03-25

BDU:2024-02286

Уязвимость библиотеки Ruby/Git интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.0)Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2024-03-26

BDU:2024-02311

Уязвимость библиотеки Ruby/Gitt интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.0)Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (9.0)Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2023-01-17
Modified: 2025-04-04

CVE-2022-46648

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.

Severity: HIGH (8.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-01-17
Modified: 2025-04-04

CVE-2022-47318

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

Severity: HIGH (8.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-01-10
Modified: 2025-04-05

GHSA-pfpr-3463-c6jh

ruby-git has potential remote code execution vulnerability

Severity: HIGH (8.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-01-17
Modified: 2023-01-25

GHSA-pphf-gfrm-v32r

Code injection in ruby git

Severity: HIGH (8.0)Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top