CVE-2022-23915

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type Values Removed Values Added
CVSS v2 : 6.5
v3 : 8.8
v2 : 6.5
v3 : 7.2
References () https://github.com/WeblateOrg/weblate/pull/7337 - Patch, Third Party Advisory () https://github.com/WeblateOrg/weblate/pull/7337 - Patch, Third Party Advisory
References () https://github.com/WeblateOrg/weblate/pull/7338 - Patch, Third Party Advisory () https://github.com/WeblateOrg/weblate/pull/7338 - Patch, Third Party Advisory
References () https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 - Patch, Release Notes, Third Party Advisory () https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 - Patch, Release Notes, Third Party Advisory
References () https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 - Patch, Third Party Advisory () https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 - Patch, Third Party Advisory

12 Mar 2022, 01:58

Type Values Removed Values Added
References (CONFIRM) https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 - (CONFIRM) https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/WeblateOrg/weblate/pull/7337 - (CONFIRM) https://github.com/WeblateOrg/weblate/pull/7337 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/WeblateOrg/weblate/pull/7338 - (CONFIRM) https://github.com/WeblateOrg/weblate/pull/7338 - Patch, Third Party Advisory
References (CONFIRM) https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 - (CONFIRM) https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 - Patch, Release Notes, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
CPE cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*
CWE CWE-88

04 Mar 2022, 21:15

Type Values Removed Values Added
Summary The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution. The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.

04 Mar 2022, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-04 20:15

Updated : 2024-11-21 06:49


NVD link : CVE-2022-23915

Mitre link : CVE-2022-23915

CVE.ORG link : CVE-2022-23915


JSON object : View

Products Affected

weblate

  • weblate
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')