See on RubyGems

git 1.0.4

2 security vulnerabilities found in version 1.0.4

Command injection in ruby-git

critical severity CVE-2022-25648
critical severity CVE-2022-25648
Patched versions: >= 1.11.0

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Code injection in ruby git

high severity CVE-2022-47318
high severity CVE-2022-47318
Patched versions: >= 1.13.0

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

No officially reported memory leakage issues detected.

This gem version does not have any officially reported memory leaked issues.

Gem version without a license.

Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This gem version is available.

This gem version has not been yanked and is still available for usage.