PT-2022-16834 · Weblate · Weblate

Published: 2022-03-04 · Updated: 2024-03-06 · CVE-2022-24727

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 4.11.1
Description: Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate did not properly sanitize some of the arguments it passed to Git and Mercurial, so a user-supplied value could be interpreted by those tools as a command-line option and change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issue allows authenticated users to alter the application's behavior in an unintended way, leading to command execution via argument injection when Git or Mercurial repositories are used.
Recommendations: For Weblate versions prior to 4.11.1, update to version 4.11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to Git and Mercurial repositories for untrusted users. Additionally, instances where untrusted users cannot create new components can be considered not affected, so no immediate action is required in those cases.
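The defensive check that closes this class of bug, shown as an added example that is not Weblate's own code: every user-controlled value handed to a VCS binary is rejected if a command-line parser would read it as an option, and the command is built as an argv list with the `--` end-of-options separator (which `git clone` and `hg clone` both accept) so the value can only ever be data. The repository URL and checkout directory are assumed here as the untrusted inputs; the advisory does not name which arguments were affected.

```python
import subprocess
from typing import List


class UnsafeVcsArgument(ValueError):
    """Raised when a value could be parsed as an option by git/hg."""


def check_vcs_argument(value: str, name: str) -> str:
    """Return value unchanged if it is safe as a positional VCS argument.

    Rejects empty values, anything starting with '-' (git and hg would treat
    it as an option, e.g. '--version' or '-o'), and control characters that
    could confuse logging or later parsing.
    """
    if not value:
        raise UnsafeVcsArgument(f"{name} must not be empty")
    if value.startswith("-"):
        raise UnsafeVcsArgument(f"{name} looks like a command-line option: {value!r}")
    if any(ch in value for ch in "\x00\r\n"):
        raise UnsafeVcsArgument(f"{name} contains control characters")
    return value


def build_git_clone(repo_url: str, target_dir: str) -> List[str]:
    """argv for 'git clone -- <url> <dir>'; '--' ends option parsing."""
    return [
        "git", "clone", "--",
        check_vcs_argument(repo_url, "repository"),
        check_vcs_argument(target_dir, "directory"),
    ]


def build_hg_clone(repo_url: str, target_dir: str) -> List[str]:
    """argv for 'hg clone -- <source> <dest>' with the same checks."""
    return [
        "hg", "clone", "--",
        check_vcs_argument(repo_url, "repository"),
        check_vcs_argument(target_dir, "directory"),
    ]


def run_clone(argv: List[str]) -> int:
    """Run the prepared argv without a shell, so no word splitting occurs.

    Hypothetical wrapper: returns the exit status instead of raising.
    """
    return subprocess.run(argv, check=False).returncode
```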

Fix

Weakness Enumeration

Argument Injection
Command Injection

Related Identifiers

BIT-WEBLATE-2022-23915
CVE-2022-24727
GHSA-3872-F48P-PXQJ
GHSA-H2G5-2RHX-FFGJ
PYSEC-2022-162
PYSEC-2022-31

Affected Products

Weblate