6 matches found
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVE-2022-39224
creationtimestamp| type| source ---|---|--- 2022-09-22 02:23:30+00:00| seen| https://t.me/cibsecurity/50247 2025-06-24 11:11:05+00:00| confirmed| https://gist.github.com/FrancoisCapon/a196def512f709769d99d9fba9f55cfc...
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVE-2022-39224
Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...
CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...