{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-25648", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "dateUpdated": "2024-09-16T17:59:47.353Z", "dateReserved": "2022-02-24T00:00:00", "datePublished": "2022-04-19T16:35:11.215526Z"}, "containers": {"cna": {"title": "Command Injection", "datePublic": "2022-04-19T00:00:00", "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2023-01-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection."}], "affected": [{"vendor": "n/a", "product": "git", "versions": [{"version": "unspecified", "lessThan": "1.11.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270"}, {"url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0"}, {"url": "https://github.com/ruby-git/ruby-git/pull/569"}, {"name": "FEDORA-2022-353e1cf8b6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"}, {"name": "FEDORA-2022-f09e0d8b0e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"}, {"name": "FEDORA-2022-1aa40056fc", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}], "credits": [{"lang": "en", "value": "Alessio Della Libera of Snyk Research Team"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "baseScore": 8.1, "temporalScore": 7.7, "baseSeverity": "HIGH", "temporalSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Command Injection"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:42:50.664Z"}, "title": "CVE Program Container", "references": [{"url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270", "tags": ["x_transferred"]}, {"url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0", "tags": ["x_transferred"]}, {"url": "https://github.com/ruby-git/ruby-git/pull/569", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-353e1cf8b6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"}, {"name": "FEDORA-2022-f09e0d8b0e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"}, {"name": "FEDORA-2022-1aa40056fc", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3303-1] ruby-git security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:git:git:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "70BB47C9-3731-4F8A-8415-A9FE2F8D8B96", "versionEndExcluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection."}, {"lang": "es", "value": "El paquete git versiones anteriores a 1.11.0, es vulnerable a una inyecci\u00f3n de comandos por medio de una inyecci\u00f3n de argumentos git. Cuando es llamada a la funci\u00f3n fetch(remote = \"origin\", opts = {}), el par\u00e1metro remoto es pasado al subcomando git fetch de forma que pueden establecerse flags adicionales. Los flags adicionales pueden ser usados para llevar a cabo una inyecci\u00f3n de comandos"}], "id": "CVE-2022-25648", "lastModified": "2024-11-21T06:52:30.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-19T17:15:11.333", "references": [{"source": "report@snyk.io", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ruby-git/ruby-git/pull/569"}, {"source": "report@snyk.io", "tags": ["Release Notes"], "url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0"}, {"source": "report@snyk.io", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}, {"source": "report@snyk.io", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"}, {"source": "report@snyk.io", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"}, {"source": "report@snyk.io", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"}, {"source": "report@snyk.io", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ruby-git/ruby-git/pull/569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-RUBY-GIT-2421270"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8506", "cpe": "cpe:/a:redhat:satellite:6.12::el8", "impact": "moderate", "package": "rubygem-git-0:1.11.0-1.el8sat", "product_name": "Red Hat Satellite 6.12 for RHEL 8", "release_date": "2022-11-16T00:00:00Z"}], "bugzilla": {"description": "ruby-git: package vulnerable to Command Injection via git argument injection", "id": "2076843", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076843"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-88", "details": ["The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.", "A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections."], "name": "CVE-2022-25648", "public_date": "2022-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-25648\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25648\nhttps://snyk.io/vuln/SNYK-RUBY-GIT-2421270"], "statement": "Red Hat Satellite 10 is marked as affected, as it is shipping the vulnerable code. However, the dependency is not used within the product as such, so the impact is considered as moderate. Other Red Hat Satellite versions are not delivering this dependency, so they are not vulnerable or affected at all.", "threat_severity": "Critical", "upstream_fix": "ruby-git 1.11.0"}