CVE-2022-47318 (git): Code injection in ruby git

Code injection in ruby git

Published: January 17, 2023

SECURITY IDENTIFIERS

CVE: CVE-2022-47318 (NVD)
GHSA: GHSA-pphf-gfrm-v32r
Vendor Advisory: https://github.com/ruby-git/ruby-git/pull/602

GEM

git

SEVERITY

CVSS v3.x: 8.0 (High)

PATCHED VERSIONS

>= 1.13.0

DESCRIPTION

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

https://jvn.jp/en/jp/JVN16765254/index.html

RubySec