CVE-2022-46648

CVSS V2 None CVSS V3 None
Description
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
Overview
  • CVE ID
  • CVE-2022-46648
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-17T10:15:11
  • Last Modified Date
  • 2023-02-02T18:45:42
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ruby-git_project:ruby-git:*:*:*:*:*:*:*:* 1 OR 1.13.0
History
Created Old Value New Value Data Type Notes
2023-01-17 11:15:20 Added to TrackCVE
2023-01-17 14:15:25 2023-01-17T13:24:30 CVE Modified Date updated
2023-01-17 14:15:25 Received Awaiting Analysis Vulnerability Status updated
2023-01-23 16:14:28 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-24 20:13:56 2023-01-24T19:17:52 CVE Modified Date updated
2023-01-24 20:13:56 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-24 20:13:57 Weakness Enumeration new
2023-01-24 20:13:59 CPE Information updated
2023-01-31 02:12:58 2023-01-31T01:15:12 CVE Modified Date updated
2023-01-31 02:12:58 Analyzed Modified Vulnerability Status updated
2023-01-31 02:12:59 References updated
2023-02-01 19:14:25 Modified Undergoing Analysis Vulnerability Status updated
2023-02-02 19:14:19 2023-02-02T18:45:42 CVE Modified Date updated
2023-02-02 19:14:19 Undergoing Analysis Analyzed Vulnerability Status updated