Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oMmc1LTJyaHgtZmZnas0wSw
Command injection in Weblate
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.
Permalink: https://github.com/advisories/GHSA-h2g5-2rhx-ffgjJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oMmc1LTJyaHgtZmZnas0wSw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-h2g5-2rhx-ffgj, CVE-2022-24727
References:
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3872-f48p-pxqj
- https://nvd.nist.gov/vuln/detail/CVE-2022-24727
- https://github.com/WeblateOrg/weblate/commit/35d59f1f040541c358cece0a8d4a63183ca919b8
- https://github.com/WeblateOrg/weblate/commit/d83672a3e7415da1490334e2c9431e5da1966842
- https://github.com/advisories/GHSA-h2g5-2rhx-ffgj
Blast Radius: 0.0
Affected Packages
pypi:Weblate
Dependent packages: 0Dependent repositories: 2
Downloads: 3,368 last month
Affected Version Ranges: < 4.11.1
Fixed in: 4.11.1
All affected versions: 2.10.1, 2.13.1, 2.14.1, 2.17.1, 2.19.1, 3.0.1, 3.1.1, 3.2.1, 3.2.2, 3.5.1, 3.6.1, 3.7.1, 3.9.1, 3.10.1, 3.10.2, 3.10.3, 3.11.1, 3.11.2, 3.11.3, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.1, 4.2.1, 4.2.2, 4.3.1, 4.3.2, 4.4.1, 4.4.2, 4.5.1, 4.5.2, 4.5.3, 4.6.1, 4.6.2, 4.7.1, 4.7.2, 4.8.1, 4.9.1, 4.10.1
All unaffected versions: 4.11.1, 4.11.2, 4.12.1, 4.12.2, 4.13.1, 4.14.1, 4.14.2, 4.15.1, 4.15.2, 4.16.1, 4.16.2, 4.16.3, 4.16.4, 4.18.1, 4.18.2, 5.0.1, 5.0.2, 5.1.1, 5.2.1, 5.3.1, 5.4.1, 5.4.2, 5.4.3