CVE-2022-23915

The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.
References
https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 (Patch, Third Party Advisory)
https://github.com/WeblateOrg/weblate/pull/7338 (Patch, Third Party Advisory)
https://github.com/WeblateOrg/weblate/pull/7337 (Patch, Third Party Advisory)
https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 (Patch, Release Notes, Third Party Advisory)

Configurations

Configuration 1

cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*

Information

Published : 2022-03-04 12:15

Updated : 2022-03-11 17:58


NVD link : CVE-2022-23915

Mitre link : CVE-2022-23915


CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Products Affected

weblate

  • weblate