Lucene search
Gentoo FoundationMGASA-2023-0097HistoryMar 19, 2023 - 1:16 a.m.
Updated ruby-git packages fix security vulnerability
2023-03-1901:16:28
Gentoo Foundation
advisories.mageia.org
19
ruby-git
security vulnerability
remote attack
authenticated
arbitrary code
repository
crafted filename
cve-2022-46648
cve-2022-47318
unix
CVSS3
8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.9%
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. (CVE-2022-46648, CVE-2022-47318)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | ruby-git | < 1.6.0-1.2 | ruby-git-1.6.0-1.2.mga8 |
Related
jvn
jvn
JVN#16765254: Multiple code injection vulnerabilities in ruby-git
2023-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2022-46648
2023-01-17 00:00:00
CVE-2022-47318
2023-01-17 00:00:00
debiancve
debiancve
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
osv
osv
Code injection in ruby git
2023-01-17 12:30:33
CVE-2022-47318
2023-01-17 10:15:11
CVE-2022-46648
2023-01-17 10:15:11
nvd
nvd
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-47318
2023-01-17 10:15:11
rubygems
rubygems
Code injection in ruby git
2023-01-16 21:00:00
Potential remote code execution in ruby-git
2023-01-04 21:00:00
nessus
nessus
Fedora 37 : rubygem-git (2023-e3985c2b3b)
2023-01-29 00:00:00
Debian DLA-3303-1 : ruby-git - LTS security update
2023-01-31 00:00:00
RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)
2024-04-28 00:00:00
cvelist
cvelist
CVE-2022-46648
2023-01-17 00:00:00
CVE-2022-47318
2023-01-17 00:00:00
cve
cve
CVE-2022-46648
2023-01-17 10:15:11
CVE-2022-47318
2023-01-17 10:15:11
prion
prion
Code injection
2023-01-17 10:15:00
Code injection
2023-01-17 10:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0097)
2023-03-28 00:00:00
Debian: Security Advisory (DLA-3303-1)
2023-01-31 00:00:00
Fedora: Security Advisory for rubygem-git (FEDORA-2023-e3985c2b3b)
2023-01-30 00:00:00
github
github
Code injection in ruby git
2023-01-17 12:30:33
ruby-git has potential remote code execution vulnerability
2023-01-09 21:55:14
debian
debian
[SECURITY] [DLA 3303-1] ruby-git security update
2023-01-30 22:33:35
redhatcve
redhatcve
CVE-2022-47318
2023-01-17 13:36:33
CVE-2022-46648
2023-03-02 09:01:38
veracode
veracode
Remote Code Execution
2023-01-12 08:22:42
Remote Code Execution
2023-02-14 13:21:45
fedora
fedora
[SECURITY] Fedora 37 Update: rubygem-git-1.13.0-1.fc37
2023-01-30 01:28:25
redhat
redhat
(RHSA-2023:5980) Important: Satellite 6.11.5.6 async security update
2023-10-20 18:38:54
(RHSA-2023:5979) Important: Satellite 6.12.5.2 Async Security Update
2023-10-20 18:38:33
(RHSA-2023:5931) Important: Satellite 6.13.5 Async Security Update
2023-10-19 12:48:52
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
CVSS3
8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
0.003
Percentile
68.9%
Related for MGASA-2023-0097