CVE-2022-46648
Severity: HIGH 8.0 | EPSS: 2.0% | ruby-git has a potential remote code execution vulnerability
Published: 2023/1/9 | Modified: 2025/4/4
Description
The git gem, in versions 1.2.0 through 1.12.0, incorrectly parsed the output of the `git ls-files` command, using `eval()` to unescape quoted file names. When a file name added to the git repository contains special characters such as `\n`, `git ls-files` prints that file name in double quotes with the special characters escaped in C style. When the `Git#ls_files` method encountered such a quoted file name, it passed it to `eval()` to unquote and unescape it; since a Ruby double-quoted string literal supports `#{...}` interpolation, a crafted file name can execute arbitrary Ruby code in the process that calls `ls_files`, which is a potential remote code execution when the repository contents come from an untrusted source. Version 1.13.0 of the git gem was released with a parser that correctly decodes quoted file names without `eval()`.
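The description names the bug but does not show it. The following is an added example, not ruby-git's own code: a line parser modelled on the pre-1.13.0 `Git#ls_files` behaviour (a quoted name handed to `eval`), next to a hand-written decoder for git's C-style path quoting (the `\a \b \t \n \v \f \r \\ \"` escapes and three-digit octal bytes that git emits). The sample `ls-files --stage` line, the `$pwned` marker global and the helper names are constructed for this demonstration.

```ruby
# Added example (not ruby-git's own code): the eval-based unquoting that
# CVE-2022-46648 describes, beside a safe decoder for git's C-style quoting.

# Git quotes a path when it contains bytes such as newline, tab, `"` or `\`
# (and non-ASCII bytes under core.quotePath=true), using these C escapes plus
# three-digit octal bytes, e.g. "caf\303\251\n.txt".
ESCAPES = {
  'a' => "\a", 'b' => "\b", 't' => "\t", 'n' => "\n", 'v' => "\v",
  'f' => "\f", 'r' => "\r", '\\' => '\\', '"' => '"'
}.freeze

# Decode one git-quoted path without ever evaluating it as Ruby.
def unescape_git_path(quoted)
  unless quoted.length >= 2 && quoted.start_with?('"') && quoted.end_with?('"')
    raise ArgumentError, "not a git-quoted path: #{quoted.inspect}"
  end
  body = quoted[1..-2].b                  # walk raw bytes: octal escapes are bytes, not chars
  out = String.new(encoding: Encoding::BINARY)
  i = 0
  while i < body.bytesize
    c = body[i]
    if c != '\\'
      out << c
      i += 1
    elsif (nxt = body[i + 1]).nil?
      raise ArgumentError, 'dangling backslash in quoted path'
    elsif nxt =~ /[0-7]/
      oct = body[i + 1, 3]
      raise ArgumentError, "bad octal escape in #{quoted.inspect}" unless oct =~ /\A[0-7]{3}\z/
      val = oct.to_i(8)
      raise ArgumentError, "octal escape out of byte range: \\#{oct}" if val > 0xFF
      out << val.chr
      i += 4
    elsif ESCAPES.key?(nxt)
      out << ESCAPES[nxt]
      i += 2
    else
      raise ArgumentError, "unknown escape \\#{nxt} in #{quoted.inspect}"
    end
  end
  out.force_encoding(Encoding::UTF_8)
end

# Vulnerable shape (modelled on ruby-git < 1.13.0): a quoted name goes to eval,
# so a `#{...}` inside the file name runs as Ruby in the caller's process.
def ls_files_parse_vulnerable(line)
  info, file = line.split("\t", 2)
  mode, sha, stage = info.split
  file = eval(file) if file =~ /\A".*"\z/m   # THE BUG: a Ruby string literal is code
  { path: file, mode_index: mode, sha_index: sha, stage: stage }
end

# Fixed shape: the same line, decoded with the escape-aware parser instead.
def ls_files_parse_safe(line)
  info, file = line.split("\t", 2)
  mode, sha, stage = info.split
  file = unescape_git_path(file) if file.start_with?('"')
  { path: file, mode_index: mode, sha_index: sha, stage: stage }
end

$pwned = false   # constructed marker: becomes true only if eval runs the interpolation
EMPTY_BLOB = 'e69de29bb2d1d6434b8b29ae775ad8c2e48c5391'   # sha of the empty blob
# Constructed line in `git ls-files --stage` format. The file name contains a
# newline (which forces git to quote it) followed by a Ruby interpolation.
SAMPLE_LINE = "100644 #{EMPTY_BLOB} 0\t" + '"evil\n#{$pwned = true}"'

if __FILE__ == $PROGRAM_NAME
  safe = ls_files_parse_safe(SAMPLE_LINE)
  puts "safe:       path=#{safe[:path].inspect} pwned=#{$pwned}"
  bad = ls_files_parse_vulnerable(SAMPLE_LINE)
  puts "vulnerable: path=#{bad[:path].inspect} pwned=#{$pwned}"
end
```

Running the script shows the safe parser returning the literal name (with `#{$pwned = true}` still intact as text) and `$pwned` untouched, while the vulnerable parser returns `"evil\ntrue"` because the interpolation executed. The payload here only flips a global; in a real repository the same position could hold `system(...)` or a backtick command. Anything that extracts a quoted `git ls-files` name (or `git status --porcelain`, `git diff --name-status`, which quote the same way) should decode the escapes by hand like this rather than through the language's evaluator.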
Affected packages (2)
- Debian/ruby-git: from 0, < 1.7.0-1+deb11u1
- RubyGems/git: >= 1.2.0, < 1.13.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-46648
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2022-46648
- PATCH: https://github.com/ruby-git/ruby-git
- WEB: https://github.com/ruby-git/ruby-git/pull/602
- WEB: https://github.com/ruby-git/ruby-git/releases/tag/v1.13.0
- WEB: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/git/CVE-2022-46648.yml
- WEB: https://jvn.jp/en/jp/JVN16765254/index.html
- WEB: https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html