Description
Weblate is vulnerable to remote code execution (RCE) through Git config file overwrite
Impact
It was possible to overwrite Git configuration remotely and override some of its behavior.
Resources
Thanks to Jason Marcello for responsible disclosure.
References
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-8vcg-cfxj-p5m3
- https://nvd.nist.gov/vuln/detail/CVE-2025-68398
- https://github.com/WeblateOrg/weblate/pull/17330
- https://github.com/WeblateOrg/weblate/pull/17345
- https://github.com/WeblateOrg/weblate/commit/4837a4154390f7c1d03c0e398aa6439dcfa361b4
- https://github.com/WeblateOrg/weblate/commit/dd8c9d7b00eebe28770fa0e2cd96126791765ea7
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-5.15.1
Packages
| Name | Ecosystem | Affected versions | Fixed version |
| --- | --- | --- | --- |
| Weblate | pip | < 5.15.1 | 5.15.1 |
Related vulnerabilities
- nvd (CVSS3: 9.1, about 2 months ago): Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
- debian (CVSS3: 9.1, about 2 months ago): Weblate is a web based localization tool. In versions prior to 5.15.1, ...