ADVISORIES

• CVE-2022-47318 (NVD)
• GHSA-pphf-gfrm-v32r
• Vendor Advisory

GEM

git

SEVERITY

CVSS v3.x: 8.0 (High)

PATCHED VERSIONS

• >= 1.13.0

DESCRIPTION

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

RELATED

• https://jvn.jp/en/jp/JVN16765254/index.html