Remote Code Execution Vulnerability in ruby-git by Ruby
CVE-2022-47318

8HIGH

Key Information:

Vendor: Ruby-git
Status: Ruby-git
Vendor: CVE Published:; 17 January 2023

Summary

The ruby-git product, versions prior to v1.13.0, contains a vulnerability that allows a remote authenticated attacker to execute arbitrary Ruby code. This occurs when a user loads a repository that contains a specially crafted filename, which can exploit the product’s handling of input. It’s crucial for users of ruby-git to update their installations to the latest version to safeguard against this potential risk.

Affected Version(s)

ruby-git versions prior to v1.13.0

References

https://github.com/ruby-git/ruby-git

https://github.com/ruby-git/ruby-git/pull/602

https://jvn.jp/en/jp/JVN16765254/index.html

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2023
Vulnerability Reserved
Dec 28, 2022