Lucene search

RubySecRUBY:GIT-2022-46648

HistoryJan 04, 2023 - 9:00 p.m.

Potential remote code execution in ruby-git

2023-01-0421:00:00

RubySec

github.com

ruby-git

remote code execution

gem vulnerability

git ls-files

special characters

eval method

quoted file names

version 1.2.0 to 1.12.0

version 1.13.0 fix

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.6%

JSON

The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output
of the ‘git ls-files’ command using eval() to unescape quoted file names.
If a file name was added to the git repository contained special characters,
such as ‘\n’, then the ‘git ls-files’ command would print the file name in
quotes and escape any special characters.
If the ‘Git#ls_files’ method encountered a quoted file name it would use
eval() to unquote and unescape any special characters, leading to potential
remote code execution. Version 1.13.0 of the git gem was released which
correctly parses any quoted file names.

Affected configurations

Vulners

Node

rubygitRange≤1.13.0

VendorProductVersionCPE
rubygit*cpe:2.3:a:ruby:git:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby	git	*	cpe:2.3:a:ruby:git::::::::

References

github.com/ruby-git/ruby-git/pull/602

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

58.6%

JSON

Related for RUBY:GIT-2022-46648