Описание
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections.
Отчет
Red Hat Satellite 10 is marked as affected, as it is shipping the vulnerable code. However, the dependency is not used within the product as such, so the impact is considered as moderate. Other Red Hat Satellite versions are not delivering this dependency, so they are not vulnerable or affected at all.
Дополнительная информация
Статус:
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
The package git before 1.11.0 are vulnerable to Command Injection via ...
Уязвимость библиотеки Ruby/Git интерпретатора Ruby, позволяющая нарушителю выполнить произвольный код
EPSS
9.8 Critical
CVSS3