70 matches found
UBUNTU-CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648...
CVE-2022-46648
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318...
CVE-2022-46648
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318...
ruby-git security vulnerability
ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls into git binaries. A security vulnerability exists in ruby-git v1.13.0 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary Ruby code by...
CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648...
CVE-2022-46648
CVE-2022-46648 affects ruby-git before v1.13.0, where a remote authenticated attacker can cause arbitrary Ruby code execution by having a user load a repository containing a specially crafted filename. The linked Debian/Mageia/Fedora advisories confirm updates to fix this in various distributions...
CVE-2022-47318
CVE-2022-47318 affects the ruby-git library. Vulnerable in versions prior to v1.13.0, it allows a remote authenticated attacker to execute arbitrary Ruby code by loading a repository containing a specially crafted filename. Several advisories confirm this issue alongside CVE-2022-46648, with Debi...
CVE-2022-46648
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-47318...
ruby-git code injection vulnerability
ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls into git binaries. A security vulnerability exists in ruby-git v1.13.0 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary Ruby code by...
CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648...
CVE-2022-47318
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648...
Code injection in ruby git
ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648...
Remote Code Execution (RCE)
Overview: git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to the usage of the insecure eval function in the lsfiles method, which...
GHSA-PFPR-3463-C6JH ruby-git has potential remote code execution vulnerability
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the git ls-files command using eval to unescape quoted file names. If a file name added to the git repository contained special characters, such as \n, then the git ls-files command would print the file name in...
Multiple code injection vulnerabilities in ruby-git
Overview: ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities (CWE-94). Yuki Kokubun of DeNA Co., Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#16765254: Multiple code injection vulnerabilities in ruby-git
ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities (CWE-94). Impact: If a repository containing a specially crafted filename is loaded into the product, arbitrary Ruby code may be executed. Solution...
Potential remote code execution in ruby-git
The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval to unescape quoted file names. If a file name added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file nam...
Mageia: Security Advisory (MGASA-2022-0248)
The remote host is missing an update for the...
MGASA-2022-0248 Updated ruby-git packages fix security vulnerability
Command Injection via git argument injection (CVE-2022-25648)...
Updated ruby-git packages fix security vulnerability
Command Injection via git argument injection (CVE-2022-25648)...