Lucene search
K

4 matches found

Prion
Prion
added 2022/09/21 11:15 p.m.22 views

Command injection

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

4.4CVSS7.8AI score0.01628EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/09/21 11:10 p.m.113 views

CVE-2022-39224

Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...

7.8CVSS7.3AI score0.01628EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/21 11:10 p.m.91 views

CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...

7CVSS8.1AI score0.01628EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/09/21 5:0 p.m.33 views

arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.

Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...

7.8CVSS7.5AI score0.01628EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder