{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-25648","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","dateUpdated":"2024-09-16T17:59:47.353Z","dateReserved":"2022-02-24T00:00:00.000Z","datePublished":"2022-04-19T16:35:11.215Z"},"containers":{"cna":{"title":"Command Injection","datePublic":"2022-04-19T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-01-31T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set. The additional flags can be used to perform a command injection."}],"affected":[{"vendor":"n/a","product":"git","versions":[{"version":"unspecified","lessThan":"1.11.0","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-RUBY-GIT-2421270"},{"url":"https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0"},{"url":"https://github.com/ruby-git/ruby-git/pull/569"},{"name":"FEDORA-2022-353e1cf8b6","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"},{"name":"FEDORA-2022-f09e0d8b0e","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"},{"name":"FEDORA-2022-1aa40056fc","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"},{"name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security \nupdate","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}],"credits":[{"lang":"en","value":"Alessio Della Libera of Snyk Research Team"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","exploitCodeMaturity":"PROOF_OF_CONCEPT","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","baseScore":8.1,"temporalScore":7.7,"baseSeverity":"HIGH","temporalSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Command Injection"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T04:42:50.664Z"},"title":"CVE Program Container","references":[{"url":"https://snyk.io/vuln/SNYK-RUBY-GIT-2421270","tags":["x_transferred"]},{"url":"https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0","tags":["x_transferred"]},{"url":"https://github.com/ruby-git/ruby-git/pull/569","tags":["x_transferred"]},{"name":"FEDORA-2022-353e1cf8b6","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"},{"name":"FEDORA-2022-f09e0d8b0e","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"},{"name":"FEDORA-2022-1aa40056fc","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"},{"name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security \nupdate","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}]}]}}