Description
Weblate is vulnerable to RCE through Git config file overwrite
Impact
It was possible to overwrite Git configuration remotely and override some of its behavior.
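The advisory does not say which Git configuration key was abused, only that a remotely written config can change Git's behaviour. The Python below is an added triage helper, not Weblate's code and not part of the advisory: it checks whether an installed Weblate version falls in the affected range (< 5.15.1) and scans .git/config files under a data directory for keys that make Git spawn an external program (core.sshCommand, core.gitProxy, diff.external, filter.*.clean, shell aliases and similar). The list of keys, the sample config and the assumed repository layout under the data directory are this example's assumptions, and a hit is a lead for review, not a verdict; legitimate repositories set some of these keys too.

```python
"""Triage helper for CVE-2025-68398 (Weblate < 5.15.1, Git config overwrite).

Added example, not Weblate's own code. Two checks an administrator would
run after reading the advisory:
  1. is the installed Weblate version in the affected range (< 5.15.1)?
  2. does any .git/config below the data directory contain keys that make
     Git execute an external program?
The key list below is this example's assumption about what to look for;
the advisory does not name the key that was abused.
"""
import re
import sys
from pathlib import Path

FIXED_VERSION = (5, 15, 1)

# Git config keys whose value Git hands to a shell or exec()s.
EXEC_KEYS = [
    re.compile(p)
    for p in (
        r"^core\.(sshcommand|gitproxy|fsmonitor|hookspath|pager|editor|alternaterefscommand)$",
        r"^credential(\..+)?\.helper$",
        r"^gpg\.program$",
        r"^diff\.external$",
        r"^diff\..+\.(command|textconv)$",
        r"^filter\..+\.(clean|smudge|process)$",
        r"^merge\..+\.driver$",
        r"^remote\..+\.proxy$",
        r"^sequence\.editor$",
    )
]

SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')


def parse_version(version: str) -> tuple:
    """'5.14.2' -> (5, 14, 2); missing components are padded with 0."""
    nums = [int(p) for p in re.findall(r"\d+", version)]
    return tuple((nums + [0, 0, 0])[:3])


def is_affected(version: str) -> bool:
    return parse_version(version) < FIXED_VERSION


def parse_git_config(text: str) -> dict:
    """Return {section[.subsection].key: value} from git-config syntax.

    Section and key names are case-insensitive in Git and are lowercased;
    subsection names (e.g. the "lfs" in [filter "lfs"]) keep their case.
    """
    entries = {}
    prefix = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, sub = m.group(1).lower(), m.group(2)
            prefix = f"{section}.{sub}" if sub is not None else section
            continue
        if prefix is None:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if value.startswith('"'):
            value = value.strip('"')
        else:  # drop an unquoted trailing comment
            value = re.split(r"\s*[#;]", value, maxsplit=1)[0]
        entries[f"{prefix}.{key.strip().lower()}"] = value
    return entries


def find_exec_keys(entries: dict) -> list:
    """Return [(key, value)] for entries that would make Git run a program."""
    hits = []
    for key, value in entries.items():
        if key.startswith("alias."):
            if value.startswith("!"):  # '!' aliases run through the shell
                hits.append((key, value))
            continue
        if key == "core.fsmonitor" and value.lower() in ("true", "false", ""):
            continue  # boolean selects the built-in monitor, not a command
        if any(p.match(key) for p in EXEC_KEYS):
            hits.append((key, value))
    return hits


def scan_data_dir(data_dir: Path) -> dict:
    """Assumed layout: repositories checked out below data_dir, each with .git/config."""
    findings = {}
    for cfg in Path(data_dir).rglob("config"):
        if cfg.parent.name != ".git":
            continue
        hits = find_exec_keys(parse_git_config(cfg.read_text(errors="replace")))
        if hits:
            findings[str(cfg)] = hits
    return findings


# Constructed sample config for a stand-alone run; not taken from a real system.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
\tfilemode = true
\tsshCommand = /tmp/not-ssh   ; constructed: would run instead of ssh on fetch/push
[remote "origin"]
\turl = git@example.invalid:demo/demo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[filter "lfs"]
\tclean = git-lfs clean -- %f
[alias]
\tst = status
\tpwn = !id
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_data_dir(Path(sys.argv[1])).items():
            for key, value in hits:
                print(f"{path}: {key} = {value}")
    else:
        for key, value in find_exec_keys(parse_git_config(SAMPLE_CONFIG)):
            print(f"sample: {key} = {value}")
```

Run with the Weblate data directory as the only argument to scan real checkouts; with no argument it scans the constructed sample and reports core.sshcommand, filter.lfs.clean and alias.pwn while leaving the plain `st = status` alias alone.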
Resources
Thanks to Jason Marcello for responsible disclosure.
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
- https://nvd.nist.gov/vuln/detail/CVE-2025-68398
- https://github.com/WeblateOrg/weblate/pull/17330
- https://github.com/WeblateOrg/weblate/pull/17345
- https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
- https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
Packages
Name: Weblate (pip)
Affected versions: < 5.15.1
Fixed version: 5.15.1
Related vulnerabilities
CVSS3: 9.1
nvd
4 months ago
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
CVSS3: 9.1
debian
4 months ago
Weblate is a web based localization tool. In versions prior to 5.15.1, ...