Base Score

HIGH8

CVE-2022-47318

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

VectorNETWORK

Published Byvultures@jpcert.or.jp

Published DateJan 17, 2023, 10:15

Affected Versions(1)

git(RubyGems)

Introduced0

Fixed1.13.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
git(RubyGems)	0	1.13.0	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH8

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH