Bug 2159672 (CVE-2022-47318) - CVE-2022-47318 ruby-git: code injection vulnerability
Summary: CVE-2022-47318 ruby-git: code injection vulnerability
Keywords:
Status: NEW
Alias: CVE-2022-47318
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Duplicates: 2161642
Depends On: 2159673 2159674 2159675 2242358 2242359 2242360
Blocks:
Reported: 2023-01-10 11:26 UTC by ybuenos
Modified: 2023-11-08 14:17 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:5931 0 None None None 2023-10-19 13:13:05 UTC
Red Hat Product Errata RHSA-2023:5979 0 None None None 2023-10-20 18:43:15 UTC
Red Hat Product Errata RHSA-2023:5980 0 None None None 2023-10-20 18:43:58 UTC
Red Hat Product Errata RHSA-2023:6818 0 None None None 2023-11-08 14:17:03 UTC

Description ybuenos 2023-01-10 11:26:22 UTC
ruby-git is a Ruby library that can be used to create, read and operate Git repositories. ruby-git contains multiple code injection vulnerabilities. If a repository containing a specially crafted filename is loaded into the product, arbitrary Ruby code may be executed.

Comment 1 ybuenos 2023-01-10 11:27:11 UTC
Created rubygem-git tracking bugs for this issue:

Affects: epel-8 [bug 2159673]
Affects: fedora-36 [bug 2159674]

Comment 3 ybuenos 2023-01-18 09:00:53 UTC
*** Bug 2161642 has been marked as a duplicate of this bug. ***

Comment 8 errata-xmlrpc 2023-10-19 13:13:04 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.13 for RHEL 8

Via RHSA-2023:5931 https://access.redhat.com/errata/RHSA-2023:5931

Comment 9 errata-xmlrpc 2023-10-20 18:43:14 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.12 for RHEL 8

Via RHSA-2023:5979 https://access.redhat.com/errata/RHSA-2023:5979

Comment 10 errata-xmlrpc 2023-10-20 18:43:56 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.11 for RHEL 7
  Red Hat Satellite 6.11 for RHEL 8

Via RHSA-2023:5980 https://access.redhat.com/errata/RHSA-2023:5980

Comment 11 errata-xmlrpc 2023-11-08 14:17:02 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818

