Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-33127

Опубликовано: 23 июн. 2022
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Satellite 6rubygem-diffyNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2101888rubygem-diffy: remote code execution from user controlled diff file paths

EPSS

Процентиль: 67%
0.0054
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-33127

CVSS3: 9.8
ubuntu
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

nvd логотип

CVE-2022-33127

CVSS3: 9.8
nvd
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string.

debian логотип

CVE-2022-33127

CVSS3: 9.8
debian
больше 3 лет назад

The function that calls the diff tool in Diffy 3.4.1 does not properly ...

github логотип

GHSA-5ww9-9qp2-x524

CVSS3: 9.8
github
больше 3 лет назад

Improper handling of double quotes in file name in Diffy in Windows environment

EPSS

Процентиль: 67%
0.0054
Низкий

7.5 High

CVSS3