ALT-PU-2024-7826-5
Closed vulnerabilities
Published: 2022-01-05
BDU:2024-02286
A vulnerability in the Ruby/Git library of the Ruby interpreter that allows an attacker to execute arbitrary code
Severity: HIGH (8.0)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: 2022-01-05
BDU:2024-02311
A vulnerability in the Ruby/Git library of the Ruby interpreter that allows an attacker to execute arbitrary code
Severity: HIGH (8.0)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: 2023-01-17
Modified: 2024-11-21
CVE-2022-46648
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318.
Severity: HIGH (8.0)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/ruby-git/ruby-git
- https://github.com/ruby-git/ruby-git/pull/602
- https://jvn.jp/en/jp/JVN16765254/index.html
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security update
Published: 2023-01-17
Modified: 2024-11-21
CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648.
Severity: HIGH (8.0)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/ruby-git/ruby-git
- https://github.com/ruby-git/ruby-git/pull/602
- https://jvn.jp/en/jp/JVN16765254/index.html
- [debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security update
- FEDORA-2023-e3985c2b3b