Vulnerability Description
Weblate versions from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior of the application in an unintended way, leading to command execution.
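The defensive pattern for the class of bug described above, as an added illustration that is not Weblate's code or its fix: user-supplied VCS values (repository URL, branch) are checked so they cannot be parsed as options, option values are attached with `=`, and `--` ends option parsing before positional operands. The character allow-list and the function names are assumptions made for this example.

```python
"""Guard a git/mercurial clone against argument injection from user-controlled
repository and branch values. Added example; not Weblate's own code."""
from __future__ import annotations

import re


class UnsafeVcsArgumentError(ValueError):
    """Raised when a user-supplied VCS value could be read as a command option."""


# Conservative allow-list for remote URLs and branch names (constructed for this
# example; tighten or relax to match what the deployment actually accepts).
_ALLOWED_VALUE = re.compile(r"^[A-Za-z0-9._:/@+~\-]+$")


def check_vcs_value(value: str) -> str:
    """Reject anything git or hg could interpret as an option instead of an operand."""
    if not value or value.startswith("-"):
        raise UnsafeVcsArgumentError(f"empty or option-like value: {value!r}")
    if not _ALLOWED_VALUE.match(value):
        # Whitespace, quotes, shell metacharacters and similar are not allowed.
        raise UnsafeVcsArgumentError(f"disallowed characters in value: {value!r}")
    return value


def build_clone_command(vcs: str, repo: str, branch: str, dest: str) -> list[str]:
    """Return an argv list (never a shell string) for subprocess.run().

    User data is only ever placed after `--` (positional operands) or glued to
    its option with `=`, so a leading `-` can never start a new option.
    """
    repo = check_vcs_value(repo)
    branch = check_vcs_value(branch)
    if vcs == "git":
        return ["git", "clone", f"--branch={branch}", "--", repo, dest]
    if vcs == "mercurial":
        return ["hg", "clone", f"--rev={branch}", "--", repo, dest]
    raise ValueError(f"unsupported vcs: {vcs!r}")


if __name__ == "__main__":
    print(build_clone_command("git", "https://example.com/org/repo.git", "main", "/srv/wc"))
```

Pass the returned list to `subprocess.run(argv, shell=False)`; the `--` separator is honored by both `git clone` and `hg clone`.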
CVSS Score
HIGH (CVSS base score 7.2)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Weblate | Weblate | < 4.11.1 |
Related Weaknesses (CWE)
References
- https://github.com/WeblateOrg/weblate/pull/7337 (Patch, Third Party Advisory)
- https://github.com/WeblateOrg/weblate/pull/7338 (Patch, Third Party Advisory)
- https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 (Patch, Release Notes, Third Party Advisory)
- https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 (Patch, Third Party Advisory)
FAQ
What is CVE-2022-23915?
CVE-2022-23915 is a vulnerability with a CVSS score of 7.2 (HIGH). Weblate versions from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users can change the behavior...
How severe is CVE-2022-23915?
CVE-2022-23915 has been rated HIGH with a CVSS base score of 7.2/10. See the CVSS Score section above.
Is there a patch for CVE-2022-23915?
Check the references section above for vendor advisories and patch information. Affected products include: Weblate Weblate.