| purl | pkg:gem/git@1.11.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-21we-9azk-9bhk (Aliases: CVE-2022-46648, GHSA-pfpr-3463-c6jh, GMS-2023-9) | Potential remote code execution in ruby-git. The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the 'git ls-files' command using eval() to unescape quoted file names. If a file name added to the git repository contained special characters, such as '\n', then the 'git ls-files' command would print the file name in quotes and escape any special characters. If the 'Git#ls_files' method encountered a quoted file name, it would use eval() to unquote and unescape any special characters, leading to potential remote code execution. Version 1.13.0 of the git gem was released, which correctly parses any quoted file names. | Affected by 0 other vulnerabilities. |
| VCID-56kh-cvav-7ua2 (Aliases: CVE-2022-47318, GHSA-pphf-gfrm-v32r) | Improper Control of Generation of Code ('Code Injection'). ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. This vulnerability is different from CVE-2022-46648. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-sbpw-p6f8-3qgs | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'). The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the `fetch(remote = 'origin', opts = {})` function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | CVE-2022-25648, GHSA-69p6-wvmq-27gg |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T03:23:39.970334+00:00 | GitLab Importer | Affected by | VCID-56kh-cvav-7ua2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/git/CVE-2022-47318.yml | 38.6.0 |
| 2026-06-06T03:22:06.093152+00:00 | GitLab Importer | Affected by | VCID-21we-9azk-9bhk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/git/CVE-2022-46648.yml | 38.6.0 |
| 2026-06-05T21:22:02.089552+00:00 | GHSA Importer | Fixing | VCID-sbpw-p6f8-3qgs | https://github.com/advisories/GHSA-69p6-wvmq-27gg | 38.6.0 |
| 2026-06-04T17:44:42.566383+00:00 | GithubOSV Importer | Fixing | VCID-sbpw-p6f8-3qgs | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-69p6-wvmq-27gg/GHSA-69p6-wvmq-27gg.json | 38.6.0 |
| 2026-06-02T04:42:03.326395+00:00 | GitLab Importer | Fixing | VCID-sbpw-p6f8-3qgs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/git/CVE-2022-25648.yml | 38.6.0 |