Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-33127

Опубликовано: 23 июн. 2022
Источник: debian
EPSS Низкий

Описание

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
ruby-diffynot-affectedpackage

EPSS

Процентиль: 67%
0.0054
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2022-33127

CVSS3: 9.8
ubuntu
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

redhat логотип

CVE-2022-33127

CVSS3: 7.5
redhat
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

nvd логотип

CVE-2022-33127

CVSS3: 9.8
nvd
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

github логотип

GHSA-5ww9-9qp2-x524

CVSS3: 9.8
github
больше 3 лет назад

Improper handling of double quotes in file name in Diffy in Windows environment

EPSS

Процентиль: 67%
0.0054
Низкий