Vulnerabilities for 'Weblate'

2022-03-04
 
CVE-2022-23915

CWE-88
 

 
The package weblate from 0 and before 4.11.1 is vulnerable to Remote Code Execution (RCE) via argument injection when using Git or Mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.

 
 
CVE-2022-24727

CWE-77
 

 
Weblate is a web-based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.

 
2017-03-15
 
CVE-2017-5537

 

 
The password reset form in Weblate before 2.10.1 provides different error messages depending on whether the email address is associated with an account, which allows remote attackers to enumerate user accounts via a series of requests.

 


Copyright 2024, cxsecurity.com

 
