RubyGems package

git

pkg:gem/git

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-47318	—	< 1.13.0	1.13.0	Jan 17, 2023	ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
CVE-2022-46648	—	>= 1.2.0, < 1.13.0	1.13.0	Jan 17, 2023	ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
CVE-2022-25648	—	< 1.11.0	1.11.0	Apr 19, 2022	The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags

CVE-2022-47318Jan 17, 2023
affected < 1.13.0fixed 1.13.0
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
CVE-2022-46648Jan 17, 2023
affected >= 1.2.0, < 1.13.0fixed 1.13.0
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
CVE-2022-25648Apr 19, 2022
affected < 1.11.0fixed 1.11.0
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags