Vulnerability CVE-2022-24727
Published: 2022-03-04

Description:
Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.

Type:

CWE-77

 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Weblate -> Weblate 

 References:
https://github.com/WeblateOrg/weblate/commit/35d59f1f040541c358cece0a8d4a63183ca919b8
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3872-f48p-pxqj
https://github.com/WeblateOrg/weblate/commit/d83672a3e7415da1490334e2c9431e5da1966842
Copyright 2024, cxsecurity.com

 

Back to Top