Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 7:35 p.m.6 views

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7.8CVSS7.2AI score0.01628EPSS
Exploits1References1
Circl
Circl
added 2022/09/22 2:23 a.m.63 views

CVE-2022-39224

creationtimestamp| type| source ---|---|--- 2022-09-22 02:23:30+00:00| seen| https://t.me/cibsecurity/50247 2025-06-24 11:11:05+00:00| confirmed| https://gist.github.com/FrancoisCapon/a196def512f709769d99d9fba9f55cfc...

7.8CVSS7.4AI score0.01628EPSS
Exploits1References2
NVD
NVD
added 2022/09/21 11:15 p.m.102 views

CVE-2022-39224

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7.8CVSS0.01628EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/09/21 11:10 p.m.6 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7CVSS8.1AI score0.01628EPSS
Exploits1References3
CVE
CVE
added 2022/09/21 11:10 p.m.114 views

CVE-2022-39224

Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...

7.8CVSS7.3AI score0.01628EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/21 11:10 p.m.92 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7CVSS8.1AI score0.01628EPSS
Exploits1References3
Rows per page
Query Builder