CVE-2022-23915

Опубликовано: 04 мар. 2022

Источник: nvd

CVSS3: 7.2

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.

Ссылки

https://github.com/WeblateOrg/weblate/pull/7337
Patch
Third Party Advisory
https://github.com/WeblateOrg/weblate/pull/7338
Patch
Third Party Advisory
https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1
Patch
Release Notes
Third Party Advisory
https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088
Patch
Third Party Advisory
https://github.com/WeblateOrg/weblate/pull/7337
Patch
Third Party Advisory
https://github.com/WeblateOrg/weblate/pull/7338
Patch
Third Party Advisory
https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1
Patch
Release Notes
Third Party Advisory
https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Версия до 4.11.1 (исключая)

EPSS

Процентиль: 82%

0.01633

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-88

Связанные уязвимости

CVE-2022-23915

CVSS3: 7.2

debian

почти 4 года назад

The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...

GHSA-3872-f48p-pxqj

CVSS3: 8.8

github

почти 4 года назад

Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate

EPSS

Процентиль: 82%

0.01633

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-88