CVE-2022-31249

Name of the Vulnerable Software and Affected Versions SUSE Rancher wrangler versions 0.7.3 and prior versions SUSE Rancher wrangler versions 0.8.4 and prior versions SUSE Rancher wrangler versions 1.0.0 and prior versions

Description A command injection vulnerability exists in the Wrangler Git package, allowing remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. Specially crafted commands can be passed to Wrangler that will change their behavior and cause confusion when executed through Git, resulting in command injection in the underlying host.

Recommendations For SUSE Rancher wrangler versions 0.7.3 and prior versions, update to version 0.7.4-security1 or later. For SUSE Rancher wrangler versions 0.8.4 and prior versions, update to version 0.8.5-security1 or later. For SUSE Rancher wrangler versions 1.0.0 and prior versions, update to version 1.0.1 or later. As a temporary workaround, consider sanitizing input passed to the Git package to remove potential unsafe and ambiguous characters.