Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/git@1.0.4

Type gem

Namespace

Name git

Version 1.0.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.13.0

Latest_non_vulnerable_version 1.13.0

Affected_by_vulnerabilities

url VCID-56kh-cvav-7ua2

vulnerability_id VCID-56kh-cvav-7ua2

summary

Improper Control of Generation of Code ('Code Injection')
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47318.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47318

reference_id

reference_type

scores

value	0.00438
scoring_system	epss
scoring_elements	0.63465
published_at	2026-06-07T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63472
published_at	2026-06-09T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63453
published_at	2026-06-08T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64749
published_at	2026-06-05T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64758
published_at	2026-06-06T12:55:00Z

value	0.00465
scoring_system	epss
scoring_elements	0.64708
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47318

reference_url

https://github.com/ruby-git/ruby-git

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:52:43Z/

url

https://github.com/ruby-git/ruby-git

reference_url

https://github.com/ruby-git/ruby-git/pull/602

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:52:43Z/

url

https://github.com/ruby-git/ruby-git/pull/602

reference_url

https://jvn.jp/en/jp/JVN16765254/index.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:52:43Z/

url

https://jvn.jp/en/jp/JVN16765254/index.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:52:43Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2159672
reference_id	2159672
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2159672

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/

reference_id

4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-04T15:52:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-47318

reference_id

CVE-2022-47318

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-47318

reference_url

https://github.com/advisories/GHSA-pphf-gfrm-v32r

reference_id

GHSA-pphf-gfrm-v32r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pphf-gfrm-v32r

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:5979
reference_id	RHSA-2023:5979
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5979

reference_url	https://access.redhat.com/errata/RHSA-2023:5980
reference_id	RHSA-2023:5980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5980

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:gem/git@1.13.0
purl	pkg:gem/git@1.13.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/git@1.13.0

aliases CVE-2022-47318, GHSA-pphf-gfrm-v32r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-56kh-cvav-7ua2

url VCID-sbpw-p6f8-3qgs

vulnerability_id VCID-sbpw-p6f8-3qgs

summary

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the `fetch(remote = 'origin', opts = {})` function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25648.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25648.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25648

reference_id

reference_type

scores

value	0.05735
scoring_system	epss
scoring_elements	0.90626
published_at	2026-06-09T12:55:00Z

value	0.05735
scoring_system	epss
scoring_elements	0.9061
published_at	2026-06-08T12:55:00Z

value	0.05735
scoring_system	epss
scoring_elements	0.90612
published_at	2026-06-07T12:55:00Z

value	0.05735
scoring_system	epss
scoring_elements	0.90614
published_at	2026-06-06T12:55:00Z

value	0.05735
scoring_system	epss
scoring_elements	0.906
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25648

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25648
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25648

reference_url

https://github.com/ruby-git/ruby-git

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-git/ruby-git

reference_url

https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159

reference_url

https://github.com/ruby-git/ruby-git/pull/569

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/ruby-git/ruby-git/pull/569

reference_url	https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0
reference_id
reference_type
scores
url	https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/git/CVE-2022-25648.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/git/CVE-2022-25648.yml

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/

reference_url

https://snyk.io/vuln/SNYK-RUBY-GIT-2421270

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-RUBY-GIT-2421270

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009926
reference_id	1009926
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009926

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2076843
reference_id	2076843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2076843

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-25648

reference_id

CVE-2022-25648

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-25648

reference_url

https://github.com/advisories/GHSA-69p6-wvmq-27gg

reference_id

GHSA-69p6-wvmq-27gg

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-69p6-wvmq-27gg

reference_url	https://access.redhat.com/errata/RHSA-2022:8506
reference_id	RHSA-2022:8506
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8506

fixed_packages

url pkg:gem/git@1.11.0

purl pkg:gem/git@1.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-21we-9azk-9bhk

vulnerability	VCID-56kh-cvav-7ua2

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/git@1.11.0

aliases CVE-2022-25648, GHSA-69p6-wvmq-27gg

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbpw-p6f8-3qgs

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/git@1.0.4

Package Instance