PT-2022-7287 · Ruby-Git+3

Yuki Kokubun · Published 2022-01-05 · Updated 2025-12-15 · CVE-2022-47318

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

ruby-git versions prior to v1.13.0

Description

The issue is related to improper control of code generation in the Ruby/Git library, which allows a remote authenticated attacker to execute arbitrary Ruby code. This can be achieved by having a user load a repository containing a specially crafted filename into the product.

Recommendations

For versions prior to v1.13.0, update to version v1.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to repositories that may contain specially crafted filenames until the update is applied.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2023-2040
ALT-PU-2023-4279
ALT-PU-2024-7826
BDU:2024-02286
CVE-2022-47318
DLA-3303-1
DLA-4406-1
GHSA-PPHF-GFRM-V32R
MGASA-2023-0097
RHSA-2023:5931
RHSA-2023:5979
RHSA-2023:5980
RHSA-2023:6818
RLSA-2023:6818

Affected Products

Alt Linux
Debian
Rocky Linux
Ruby-Git