Ruby/git/1.0.4
The git gem provides an API that can be used to create, read, and manipulate Git repositories by wrapping system calls to the git command line. The API can be used for working with Git in complex interactions including branching and merging, object inspection and manipulation, history, patch generation and more.
https://rubygems.org/gems/git
UNKNOWN
4 Security Vulnerabilities
Command injection in ruby-git
- https://nvd.nist.gov/vuln/detail/CVE-2022-25648
- https://github.com/ruby-git/ruby-git/pull/569
- https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0
- https://snyk.io/vuln/SNYK-RUBY-GIT-2421270
- https://github.com/advisories/GHSA-69p6-wvmq-27gg
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTJUF6SFPL4ZVSJQHGQ36KFPFO5DQVYZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q2V3HOFU4ZVTQZHAVAVL3EX2KU53SP7R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNJA7WPE67LJ3DJMWZ2TADHCZKWMY55/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/git/CVE-2022-25648.yml
- https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159
The package prior to v1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {})
function, the remote parameter is passed to the git fetch
subcommand in a way such that additional flags can be set. The additional flags can be used to perform a command injection.
Code injection in ruby git
- https://nvd.nist.gov/vuln/detail/CVE-2022-47318
- https://github.com/ruby-git/ruby-git/pull/602
- https://github.com/ruby-git/ruby-git
- https://jvn.jp/en/jp/JVN16765254/index.html
- https://github.com/advisories/GHSA-pphf-gfrm-v32r
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/
- https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
Command injection in ruby-git
The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Code injection in ruby git
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
48 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
2.0.0 | MIT | 2024-05-11 - 00:23 | 6 days | |
2.0.0.pre3 | MIT | 2024-03-15 - 20:39 | 2 months | |
2.0.0.pre2 | MIT | 2024-02-24 - 18:02 | 3 months | |
2.0.0.pre1 | MIT | 2024-01-15 - 23:08 | 4 months | |
1.19.1 | MIT | 2024-01-13 - 23:41 | 4 months | |
1.19.0 | MIT | 2023-12-29 - 06:18 | 5 months | |
1.18.0 | MIT | 2023-03-19 - 16:55 | about 1 year | |
1.17.2 | MIT | 2023-03-07 - 17:23 | about 1 year | |
1.17.1 | MIT | 2023-03-06 - 16:32 | about 1 year | |
1.17.0 | MIT | 2023-03-06 - 01:18 | about 1 year | |
1.16.0 | MIT | 2023-03-04 - 00:55 | about 1 year | |
1.15.0 | MIT | 2023-03-01 - 21:36 | about 1 year | |
1.14.0 | MIT | 2023-02-26 - 15:32 | about 1 year | |
1.13.2 | MIT | 2023-02-02 - 22:47 | over 1 year | |
1.13.1 | MIT | 2023-01-12 - 22:00 | over 1 year | |
1.13.0 | MIT | 2022-12-14 - 21:33 | over 1 year | |
1.12.0 | MIT | 4 | 2022-08-18 - 17:47 | over 1 year |
1.11.0 | MIT | 4 | 2022-04-17 - 23:31 | about 2 years |
1.10.2 | MIT | 6 | 2022-01-06 - 23:38 | over 2 years |
1.10.1 | MIT | 6 | 2022-01-03 - 21:16 | over 2 years |
1.10.0 | MIT | 6 | 2021-12-20 - 17:05 | over 2 years |
1.9.1 | MIT | 6 | 2021-07-07 - 16:50 | almost 3 years |
1.9.0 | MIT | 6 | 2021-07-06 - 19:51 | almost 3 years |
1.8.1 | MIT | 6 | 2020-12-31 - 21:03 | over 3 years |
1.8.0 | MIT | 6 | 2020-12-31 - 18:42 | over 3 years |
1.7.0 | MIT | 6 | 2020-04-25 - 21:46 | about 4 years |
1.6.0 | MIT | 6 | 2020-02-02 - 16:13 | over 4 years |
1.6.0.pre1 | MIT | 6 | 2020-01-20 - 20:50 | over 4 years |
1.5.0 | MIT | 6 | 2018-08-10 - 07:58 | almost 6 years |
1.4.0 | MIT | 6 | 2018-05-16 - 06:50 | about 6 years |
1.3.0 | MIT | 6 | 2016-02-25 - 22:21 | about 8 years |
1.2.9.1 | MIT | 6 | 2015-01-14 - 03:16 | over 9 years |
1.2.9 | MIT | 6 | 2015-01-12 - 19:53 | over 9 years |
1.2.8 | MIT | 6 | 2014-07-31 - 20:03 | almost 10 years |
1.2.7 | MIT | 6 | 2014-06-09 - 20:08 | almost 10 years |
1.2.6 | MIT | 6 | 2013-08-18 - 00:56 | over 10 years |
1.2.5 | UNKNOWN | 6 | 2009-10-17 - 18:05 | over 14 years |
1.2.4 | UNKNOWN | 6 | 2009-10-02 - 09:51 | over 14 years |
1.2.3 | UNKNOWN | 6 | 2009-10-01 - 09:43 | over 14 years |
1.2.2 | UNKNOWN | 6 | 2009-08-02 - 11:07 | almost 15 years |
1.2.1 | UNKNOWN | 6 | 2009-08-02 - 04:09 | almost 15 years |
1.2.0 | UNKNOWN | 6 | 2009-08-05 - 00:19 | almost 15 years |
1.1.1 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |
1.0.5 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |
1.0.4 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |
1.0.3 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |
1.0.2 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |
1.0.1 | UNKNOWN | 4 | 2009-07-25 - 18:15 | almost 15 years |