{"id":"CVE-2022-47318","details":"ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.","aliases":["GHSA-pphf-gfrm-v32r"],"modified":"2026-05-15T11:53:57.053787233Z","published":"2023-01-17T00:00:00Z","database_specific":{"cna_assigner":"jpcert","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/47xxx/CVE-2022-47318.json"},"references":[{"type":"WEB","url":"https://jvn.jp/en/jp/JVN16765254/index.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/47xxx/CVE-2022-47318.json"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KPFLSZPUM7APWVBRM5DCAY5OUVQBF4K/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47318"},{"type":"FIX","url":"https://github.com/ruby-git/ruby-git/pull/602"},{"type":"PACKAGE","url":"https://github.com/ruby-git/ruby-git"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}